Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.21.0 < 9.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-complyadm', '3.2.1'
complyadm
For details on how to use this set of bolt plans, please refer to the documentation at https://www.puppet.com/docs/comply/3.x/comply.html
Reference
Table of Contents
Classes
complyadm
: Base comply class that configures the system for anything shared across multiple components.
complyadm::component::assessor_upgrade
: installs and configures the main backend component
complyadm::component::frontdoor
: installs and configures the frontdoor component.
complyadm::component::gatekeeper
: installs and configures the main backend component
complyadm::component::graphql
: installs and configures the main backend component
complyadm::component::graphql_init
: installs and configures the main backend component
complyadm::component::identity
: installs and configures the main backend component
complyadm::component::mtls_proxy
: installs and configures the main backend component
complyadm::component::postgres
: installs and configures postgres as the database
complyadm::component::redis
: installs and configures the main backend component
complyadm::component::scarpy
: installs and configures the main backend component
complyadm::component::scarpy_assessor_init
: installs and configures the main backend component
complyadm::component::scarpy_init
: installs and configures the main backend component
complyadm::component::ui
: installs and configures the ui service component.
complyadm::component::ui_assessor_init
: installs and configures the main backend component
complyadm::log_rotation
: Profile to manage log rotation tool
Defined types
complyadm::logrotate_config
: Create a logrotate config for a given set of files. This type attempts to make some sane assumptions that suit our application.
complyadm::runtime::run
: Abstraction to allow for both podman and docker to run a container. For docker, it leverages the docker module's existing docker::run; for podman, it creates start and stop bash scripts and a systemd service file to run them.
complyadm::runtime::volume
: Creates a volume for the given name using the configured runtime (docker or podman). Docker leverages the docker module's docker_volume resource, while podman uses an exec resource to directly create the volume.
Functions
complyadm::backup::format_results
complyadm::bolt_project_dir
complyadm::bolt_project_files_dir
complyadm::bolt_project_inventory_targets
complyadm::bolt_version
complyadm::checks::aggregate_results
: Aggregates check results (validate, preflight, or other)
complyadm::checks::format_results
: Formats check results for display in the console
complyadm::checks::format_summary
: Creates summary for the end of check output
complyadm::display
: Display a string to the user. We use this function for displaying info that we don't need to go into logs, or to avoid the issues we see with out::message and prompts.
complyadm::download_image
: Download container image tarball from image_url
complyadm::encode
: Encodes a string
complyadm::file_dirname
complyadm::generate_cert_chain
complyadm::migrate::env_to_hash
complyadm::module_version
complyadm::save_yaml_file
: Takes a hash object, calls .to_yaml and saves it to disk
complyadm::secure_random
complyadm::status_check
: containers are running.
complyadm::verify_certs
random_string
: Generates a random hex string
random_uuid
: Generates a random uuid
Data types
Complyadm::Config
: Configuration values for Comply
Complyadm::Config::Comply_assessor_upgrade
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_assessor_upgrade component.
Complyadm::Config::Comply_frontdoor
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_frontdoor component.
Complyadm::Config::Comply_gatekeeper
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_gatekeeper component.
Complyadm::Config::Comply_graphql
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_graphql component.
Complyadm::Config::Comply_graphql_init
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_graphql_init component.
Complyadm::Config::Comply_identity
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_identity component.
Complyadm::Config::Comply_mtls_proxy
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_mtls_proxy component.
Complyadm::Config::Comply_postgres
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_postgres component.
Complyadm::Config::Comply_redis
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_redis component.
Complyadm::Config::Comply_scarpy
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy component.
Complyadm::Config::Comply_scarpy_assessor_init
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy_assessor_init component.
Complyadm::Config::Comply_scarpy_init
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy_init component.
Complyadm::Config::Comply_ui
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_ui component.
Complyadm::Config::Comply_ui_assessor_init
: Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy_assessor_init component.
Complyadm::Container
Complyadm::Hiera_config
: Comply configuration that customers can change
Complyadm::Roles
Complyadm::Runtime
: Supported Comply runtimes. For further information on supported runtimes, visit https://www.puppet.com/docs/comply/3.x/comply.html
Complyadm::Support_bundle::Database_info
Complyadm::Support_bundle::Journald_services
Tasks
backup
: Back up the target system's Comply installation
collect_target_info
: Collect troubleshooting info from a Comply target
migrate_secrets
: Migrate secrets from a 2.X system into a new 3.X system.
restore
: Restore the target system's Comply installation using the given backup
uninstall
: Uninstall Comply
update_database_configuration
: Run an SQL statement against the supplied bitnami/postgresql database container
Classes
complyadm
Base comply class that configures the system for anything shared across multiple components.
Parameters
The following parameters are available in the complyadm class:
runtime
Data type: Complyadm::Runtime
which runtime is being used
ca_crt
Data type: Optional[String]
puppet ca cert
Default value: undef
complyadm::component::assessor_upgrade
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::assessor_upgrade class:
config
Data type: Complyadm::Config::Comply_assessor_upgrade
subset of Complyadm::Config specific to assessor_upgrade
complyadm::component::frontdoor
installs and configures the frontdoor component.
Parameters
The following parameters are available in the complyadm::component::frontdoor class:
config
Data type: Complyadm::Config::Comply_frontdoor
subset of Complyadm::Config specific to the frontdoor service.
complyadm::component::gatekeeper
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::gatekeeper class:
config
Data type: Complyadm::Config::Comply_gatekeeper
subset of Complyadm::Config specific to gatekeeper
complyadm::component::graphql
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::graphql class:
config
Data type: Complyadm::Config::Comply_graphql
subset of Complyadm::Config specific to graphql
complyadm::component::graphql_init
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::graphql_init class:
config
Data type: Complyadm::Config::Comply_graphql_init
subset of Complyadm::Config specific to graphql_init
complyadm::component::identity
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::identity class:
config
Data type: Complyadm::Config::Comply_identity
subset of Complyadm::Config specific to identity
complyadm::component::mtls_proxy
docker run -d -v /etc/puppetlabs/comply/mtls_proxy_nginx.conf:/etc/nginx/nginx.conf -v /etc/puppetlabs/comply/pe:/etc/ssl/certs -p 30303:80 nginx
Parameters
The following parameters are available in the complyadm::component::mtls_proxy class:
config
Data type: Complyadm::Config::Comply_mtls_proxy
subset of Complyadm::Config specific to mtls_proxy
complyadm::component::postgres
installs and configures postgres as the database
Parameters
The following parameters are available in the complyadm::component::postgres class:
config
Data type: Complyadm::Config::Comply_postgres
subset of Complyadm::Config specific to postgres
complyadm::component::redis
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::redis class:
config
Data type: Complyadm::Config::Comply_redis
subset of Complyadm::Config specific to redis
complyadm::component::scarpy
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::scarpy class:
config
Data type: Complyadm::Config::Comply_scarpy
subset of Complyadm::Config specific to scarpy
complyadm::component::scarpy_assessor_init
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::scarpy_assessor_init class:
config
Data type: Complyadm::Config::Comply_scarpy_assessor_init
subset of Complyadm::Config specific to scarpy_assessor_init
complyadm::component::scarpy_init
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::scarpy_init class:
config
Data type: Complyadm::Config::Comply_scarpy_init
subset of Complyadm::Config specific to scarpy_init
complyadm::component::ui
installs and configures the ui service component.
Parameters
The following parameters are available in the complyadm::component::ui class:
config
Data type: Complyadm::Config::Comply_ui
subset of Complyadm::Config specific to the ui service.
complyadm::component::ui_assessor_init
installs and configures the main backend component
Parameters
The following parameters are available in the complyadm::component::ui_assessor_init class:
config
Data type: Complyadm::Config::Comply_ui_assessor_init
subset of Complyadm::Config specific to assessor_init
complyadm::log_rotation
Profile to manage log rotation tool
Defined types
complyadm::logrotate_config
Create a logrotate config for a given set of files. This type attempts to make some sane assumptions that suit our application. For instance, we only keep 1 compressed log file from the previous rotation. We explicitly switch to root (logrotate runs as root by default anyway).
Examples
Rotate logs in /var/log/puppet/*.log
complyadm::logrotate_config { 'puppet':
  path            => '/var/log/puppet/*.log',
  size_mb         => 100,
  post_rotate_cmd => 'echo "Reload the service"',
  keep_files      => 3,
}
Parameters
The following parameters are available in the complyadm::logrotate_config defined type:
path
Data type: String[1]
A path to files that should be rotated. Accepts file globs.
size_mb
Data type: Integer[1]
Total logs stored will be up to twice the amount specified in MB here since we keep the last rotated file.
post_rotate_cmd
Data type: String[1]
Command to run after rotating log files
keep_files
Data type: Integer[0]
How many rotated log files to keep
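As an added example (not the module's own template), the following Ruby renders the logrotate stanza that such a declaration would produce and enforces the parameter types listed above (String[1], Integer[1], Integer[0]). The specific directives emitted (su root root, missingok, notifempty, compress, delaycompress) are this example's assumptions about what the type generates, not taken from the page.

```ruby
# Added example: renders a logrotate stanza from the four parameters of
# complyadm::logrotate_config. Directive choices are assumptions, not the
# module's template.
module LogrotateConfig
  def self.render(path, size_mb, post_rotate_cmd, keep_files)
    # Mirror the Puppet types: String[1], Integer[1], String[1], Integer[0].
    unless path.is_a?(String) && !path.empty?
      raise ArgumentError, 'path must be a non-empty String (String[1])'
    end
    unless size_mb.is_a?(Integer) && size_mb >= 1
      raise ArgumentError, 'size_mb must be an Integer >= 1 (Integer[1]); pass 100, not "100M"'
    end
    unless post_rotate_cmd.is_a?(String) && !post_rotate_cmd.empty?
      raise ArgumentError, 'post_rotate_cmd must be a non-empty String (String[1])'
    end
    unless keep_files.is_a?(Integer) && keep_files >= 0
      raise ArgumentError, 'keep_files must be an Integer >= 0 (Integer[0])'
    end

    # "su root root" makes the switch to root explicit, as the description says;
    # "size" rotates once the file exceeds size_mb, "rotate" keeps keep_files
    # old copies, and delaycompress leaves the most recent copy uncompressed
    # until the next rotation.
    <<~CONF
      #{path} {
        su root root
        size #{size_mb}M
        rotate #{keep_files}
        missingok
        notifempty
        compress
        delaycompress
        postrotate
          #{post_rotate_cmd}
        endscript
      }
    CONF
  end
end
```

Calling `LogrotateConfig.render('/var/log/puppet/*.log', 100, 'echo "Reload the service"', 3)` yields the stanza for the declaration above; passing a string such as `'100M'` for size_mb is rejected the same way the Integer[1] type would reject it in Puppet.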
complyadm::runtime::run
Abstraction to allow for both podman and docker to run a container
For docker, it leverages the docker module's existing docker::run
For podman, it creates start and stop bash scripts and systemd service
file to run them to replicate what the docker module does for docker.
Parameters
The following parameters are available in the complyadm::runtime::run defined type:
runtime
image
net
ports
volumes
env
env_file
pull_on_start
extra_parameters
before_start
before_stop
cmd
after
extra_systemd_parameters
after_create
install_runtime
runtime
Data type: Complyadm::Runtime
The runtime to use to run the container
image
Data type: String
The image to use as the base for the container
net
Data type: Variant[String,Array[String[1],1],Undef]
The existing runtime network to connect to
Default value: undef
ports
Data type: Variant[String,Array,Undef]
A list of TCP ports to publish in the container
Default value: []
volumes
Data type: Variant[String,Array,Undef]
A list of volumes to mount in the container
Default value: []
env
Data type: Variant[String,Array]
A list of environment variables to set in the container
Default value: []
env_file
Data type: Variant[String,Array]
A list of environment files to set in the container
Default value: []
pull_on_start
Data type: Boolean
Whether to pull the image on start. Not implemented for podman
Default value: false
extra_parameters
Data type: Variant[String,Array[String],Undef]
Extra parameters to pass to the runtime
Default value: undef
before_start
Data type: Variant[String,Boolean]
A command to run before starting the container
Default value: false
before_stop
Data type: Variant[String,Boolean]
A command to run before stopping the container
Default value: false
cmd
Data type: Optional[String]
The command to run in the container
Default value: undef
after
Data type: Variant[String,Array]
A list of containers to start before starting this container
Default value: []
extra_systemd_parameters
Data type: Variant[String,Hash]
Extra parameters to pass to the systemd service
Default value: {}
after_create
Data type: Optional[String]
Command to run after creating, but before starting container
Default value: undef
install_runtime
Data type: Optional[Boolean]
Flag to denote if using a managed runtime environment
Default value: undef
complyadm::runtime::volume
Creates a volume for the given name using the configured runtime (docker or podman). Docker leverages the docker module's docker_volume resource, while podman uses an exec resource to directly create the volume.
Parameters
The following parameters are available in the complyadm::runtime::volume defined type:
ensure
Data type: Enum['present','absent']
The desired state of the volume
Default value: 'present'
runtime
Data type: Complyadm::Runtime
The runtime to use for creating the volume
Default value: 'docker'
Functions
complyadm::backup::format_results
Type: Ruby 4.x API
The complyadm::backup::format_results function.
complyadm::backup::format_results(Array $results)
The complyadm::backup::format_results function.
Returns: String
results
Data type: Array
array containing the backup_list results to display
complyadm::bolt_project_dir
Type: Ruby 4.x API
The complyadm::bolt_project_dir function.
complyadm::bolt_project_dir()
The complyadm::bolt_project_dir function.
Returns: String[1]
complyadm::bolt_project_files_dir
Type: Ruby 4.x API
The complyadm::bolt_project_files_dir function.
complyadm::bolt_project_files_dir()
The complyadm::bolt_project_files_dir function.
Returns: String[1]
complyadm::bolt_project_inventory_targets
Type: Ruby 4.x API
The complyadm::bolt_project_inventory_targets function.
complyadm::bolt_project_inventory_targets()
The complyadm::bolt_project_inventory_targets function.
Returns: Array[Target]
complyadm::bolt_version
Type: Ruby 4.x API
The complyadm::bolt_version function.
complyadm::bolt_version()
The complyadm::bolt_version function.
Returns: String[1]
complyadm::checks::aggregate_results
Type: Ruby 4.x API
Aggregates check results (validate, preflight, or other)
complyadm::checks::aggregate_results(Array $results)
Aggregates check results (validate, preflight, or other)
Returns: Hash
results
Data type: Array
array of check results from various check plans
complyadm::checks::format_results
Type: Ruby 4.x API
Formats check results for display in the console
complyadm::checks::format_results(String $header, Hash $results)
Formats check results for display in the console
Returns: String
header
Data type: String
the text displayed at the top of the section in white text
results
Data type: Hash
hash containing the check results to display
complyadm::checks::format_summary
Type: Ruby 4.x API
Creates summary for the end of check output
complyadm::checks::format_summary(Array $results)
Creates summary for the end of check output
Returns: String
results
Data type: Array
list of results hashes that need to be summarized
complyadm::display
Type: Ruby 4.x API
Display a string to the user. We use this function for displaying info that we don't need to go into logs, or to avoid the issues we see with out::message and prompts. Calling the function with no parameter is a good way to insert new lines.
complyadm::display(Optional[String] $data)
Display a string to the user. We use this function for displaying info that we don't need to go into logs, or to avoid the issues we see with out::message and prompts. Calling the function with no parameter is a good way to insert new lines.
Returns: Any
data
Data type: Optional[String]
String we want to display
complyadm::download_image
Type: Ruby 4.x API
Download container image tarball from image_url
complyadm::download_image(String[1] $image_url, String[1] $dest_path)
The complyadm::download_image function.
Returns: Any
image_url
Data type: String[1]
URL pointing to the image to download
dest_path
Data type: String[1]
Absolute path to the location where image tarballs will be stored on disk
complyadm::encode
Type: Ruby 4.x API
Encodes a string
complyadm::encode(String[1] $value)
The complyadm::encode function.
Returns: String[1]
A URI encoded version of the string
value
Data type: String[1]
A string with the value to encode
complyadm::file_dirname
Type: Ruby 4.x API
The complyadm::file_dirname function.
complyadm::file_dirname(String $path)
The complyadm::file_dirname function.
Returns: String[1]
path
Data type: String
complyadm::generate_cert_chain
Type: Ruby 4.x API
The complyadm::generate_cert_chain function.
complyadm::generate_cert_chain(String $hostname)
The complyadm::generate_cert_chain function.
Returns: Any
hostname
Data type: String
complyadm::migrate::env_to_hash
Type: Ruby 4.x API
The complyadm::migrate::env_to_hash function.
complyadm::migrate::env_to_hash(Array[Hash] $env_json)
The complyadm::migrate::env_to_hash function.
Returns: Hash
env_json
Data type: Array[Hash]
complyadm::module_version
Type: Ruby 4.x API
The complyadm::module_version function.
complyadm::module_version()
The complyadm::module_version function.
Returns: Any
complyadm::save_yaml_file
Type: Ruby 4.x API
Takes a hash object, calls .to_yaml and saves it to disk
complyadm::save_yaml_file(Hash $data, String $relative_file_path)
Takes a hash object, calls .to_yaml and saves it to disk
Returns: String[1]
The absolute file path of where it was saved
data
Data type: Hash
A hash to write as yaml
relative_file_path
Data type: String
path relative to the bolt project
complyadm::secure_random
Type: Ruby 4.x API
The complyadm::secure_random function.
complyadm::secure_random(Integer $length)
The complyadm::secure_random function.
Returns: String
length
Data type: Integer
complyadm::status_check
Type: Ruby 4.x API
containers are running.
complyadm::status_check(String $resolvable_hostname)
containers are running.
Returns: Boolean
boolean - true if the status api endpoint returns healthy, false if not
resolvable_hostname
Data type: String
The resolvable hostname to check
complyadm::verify_certs
Type: Ruby 4.x API
The complyadm::verify_certs function.
complyadm::verify_certs(String $cert_chain_contents, String $key_contents)
The complyadm::verify_certs function.
Returns: Any
cert_chain_contents
Data type: String
key_contents
Data type: String
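An added example, not the module's implementation of complyadm::generate_cert_chain or complyadm::verify_certs: it builds a constructed CA and a leaf certificate for a hostname, then performs the checks a verify_certs-style function should make on a (cert_chain_contents, key_contents) pair before the material is handed to the frontdoor container: the private key matches the leaf certificate, each certificate in the chain is signed by the one after it, every certificate is within its validity period, and the leaf covers the hostname. Only the two functions' signatures appear on this page, so the return shape (an array of error strings, empty on success) is this example's own.

```ruby
require 'openssl'

# Added example: constructed CA + leaf generation and a chain/key verifier.
# Not the module's code; return shape (array of error strings) is assumed.
module CertChain
  def self.make_cert(subject, key, issuer_cert, issuer_key, ca:, san: nil, days: 365)
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = OpenSSL::BN.rand(64)
    cert.subject = OpenSSL::X509::Name.parse(subject)
    cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
    cert.public_key = key.public_key
    cert.not_before = Time.now - 60
    cert.not_after = Time.now + days * 86_400
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = issuer_cert || cert
    cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
    cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{san}")) if san
    cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
    cert
  end

  # Constructed CA and leaf for hostname. Returns [chain_pem, key_pem], the
  # same pair a verify_certs-style check consumes (leaf first, then issuer).
  def self.generate(hostname)
    ca_key = OpenSSL::PKey::RSA.new(2048)
    ca = make_cert('/CN=Constructed Test CA', ca_key, nil, nil, ca: true, days: 3650)
    leaf_key = OpenSSL::PKey::RSA.new(2048)
    leaf = make_cert("/CN=#{hostname}", leaf_key, ca, ca_key, ca: false, san: hostname)
    [leaf.to_pem + ca.to_pem, leaf_key.to_pem]
  end

  # Returns [] when the chain and key are usable, otherwise one string per
  # problem found. `now` is injectable so expiry can be checked deterministically.
  def self.verify(chain_pem, key_pem, hostname: nil, now: Time.now)
    certs = chain_pem.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
                     .map { |pem| OpenSSL::X509::Certificate.new(pem) }
    return ['chain contains no certificates'] if certs.empty?

    errors = []
    leaf = certs.first
    key = OpenSSL::PKey.read(key_pem)
    # The key must belong to the first (leaf) certificate.
    errors << 'private key does not match the leaf certificate' unless leaf.check_private_key(key)
    # Each certificate must be signed by the next one in the chain.
    certs.each_cons(2) do |child, parent|
      errors << "#{child.subject} is not signed by #{parent.subject}" unless child.verify(parent.public_key)
    end
    # Nothing in the chain may be expired or not yet valid.
    certs.each do |c|
      errors << "#{c.subject} is outside its validity period" if now < c.not_before || now > c.not_after
    end
    # The leaf must name the host the frontdoor will serve.
    if hostname && !OpenSSL::SSL.verify_certificate_identity(leaf, hostname)
      errors << "leaf certificate does not cover hostname #{hostname}"
    end
    errors
  end
end
```

`CertChain.verify(chain, key, hostname: 'comply.example.test')` returns an empty array for the pair produced by `CertChain.generate('comply.example.test')`; a key from a different chain, a hostname the leaf does not cover, or a clock past the leaf's not_after each produce a specific error instead of a generic failure, which is what makes the check useful in a preflight.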
random_string
Type: Ruby 4.x API
Generates a random hex string
random_string()
The random_string function.
Returns: String
Random hex string
random_uuid
Type: Ruby 4.x API
Generates a random uuid
random_uuid()
The random_uuid function.
Returns: String
Random uuid
Data types
Complyadm::Config
Configuration values for Comply. Values are populated from both user input via {Complyadm::Hiera_config} and hard-coded application defaults.
This Datatype can be new-ed up using the function {Complyadm::Config()}
Examples
running a command against all Comply infra targets
$config = Complyadm::Config()
$targets = $config['all_targets']
run_command($targets, 'whoami')
Alias of
Struct[{
all_targets => Array[Target],
images => Struct[{
comply_graphql => String[1],
comply_graphql_init => String[1],
comply_scarpy => String[1],
comply_scarpy_init => String[1],
comply_ui => String[1],
comply_frontdoor => String[1],
comply_redis => String[1],
comply_mtls_proxy => String[1],
comply_scarpy_assessor_init => String[1],
comply_ui_assessor_init => String[1],
comply_assessor_upgrade => String[1],
comply_identity => String[1],
comply_gatekeeper => String[1],
comply_postgres => String[1],
}],
roles => Complyadm::Roles,
runtime => Complyadm::Runtime,
install_runtime => Boolean,
backup_dir => String[1],
dump_filename => String[1],
ssl => Optional[Struct[{
cert_chain => Optional[String[1]],
crl => Optional[String[1]],
private_key => Variant[Sensitive[String[1]], Sensitive[Undef]],
}]],
resolvable_hostname => Optional[String[1]],
assessor_version => String[1],
pe => String,
ca_crt => String,
tls_crt => String,
tls_key => String,
}]
Complyadm::Config::Comply_assessor_upgrade
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_assessor_upgrade component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Config::Comply_frontdoor
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_frontdoor component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
cert_chain => String,
private_key => String,
crl => String,
}]
Complyadm::Config::Comply_gatekeeper
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_gatekeeper component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
client_secret => String[1],
cookie_secret => String[1],
hostname => String[1],
scarpy => String[1],
graphql => String[1],
ui => String[1],
}]
Complyadm::Config::Comply_graphql
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_graphql component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Config::Comply_graphql_init
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_graphql_init component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Config::Comply_identity
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_identity component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
client_secret => String[1],
hostname => String[1],
identity_account => String[1],
identity_account_console => String[1],
identity_admin_cli => String[1],
identity_broker => String[1],
identity_realm_management => String[1],
identity_security_admin_console => String[1],
ca_crt => String,
}]
Complyadm::Config::Comply_mtls_proxy
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_mtls_proxy component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
pe_cert_checks_disabled => Boolean,
tls_crt => String,
tls_key => String,
}]
Complyadm::Config::Comply_postgres
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_postgres component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
log_level => String[1],
comply_db_username => String[1],
identity_db_username => String[1],
comply_db_password => String[1],
identity_db_password => String[1],
admin_db_username => String[1],
}]
Complyadm::Config::Comply_redis
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_redis component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Config::Comply_scarpy
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
ca_crt => String,
}]
Complyadm::Config::Comply_scarpy_assessor_init
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy_assessor_init component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Config::Comply_scarpy_init
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy_init component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Config::Comply_ui
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_ui component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Config::Comply_ui_assessor_init
Subtype of {Complyadm::Config} that is passed to puppet code for configuring the comply_scarpy_assessor_init component.
Important: DataTypes used here must be serializable, or come from puppet modules since they are passed to target nodes.
Alias of
Struct[{
container => Complyadm::Container,
}]
Complyadm::Container
The Complyadm::Container data type.
Alias of
Struct[{
runtime => Complyadm::Runtime,
install_runtime => Boolean,
name => String[1],
image => String[1],
net => String[1],
ports => Optional[Variant[String,Array]],
extra_parameters => Optional[String[1]],
extra_systemd_parameters => Optional[Hash],
after => Optional[Variant[String,Array]],
cmd => Optional[String],
env_vars => Optional[Hash],
healthcheck => Optional[String[1]],
}]
Complyadm::Hiera_config
Comply configuration that customers can change
Alias of
Struct[{
targets => Struct[{
backend => Array[String[1]],
database => Array[String[1]],
ui => Array[String[1]],
}],
admin_db_password => String[1],
comply_db_password => String[1],
comply_db_username => Optional[String[1]],
identity_db_password => String[1],
identity_db_username => Optional[String[1]],
resolvable_hostname => String[1],
runtime => Optional[Complyadm::Runtime],
install_runtime => Optional[Boolean],
secret_key => String[16],
backup_dir => Optional[String[1]],
containers => Optional[Struct[{
postgres => Optional[Struct[{
log_level => Optional[Enum['INFO', 'NOTICE', 'WARNING', 'ERROR']],
max_log_size_mb => Optional[Integer[1]],
keep_log_files => Optional[Integer[0]],
extra_parameters => Optional[String[1]],
}]],
}]],
# browser tls config
ssl_cert_chain => Optional[String[1]],
ssl_crl => Optional[String[1]],
ssl_private_key => Optional[String[1]],
# identity/gatekeeper secrets
identity_account => String[1],
identity_account_console => String[1],
identity_admin_cli => String[1],
identity_broker => String[1],
identity_realm_management => String[1],
identity_security_admin_console => String[1],
client_secret => String[1],
cookie_secret => String[1],
db_encryption_key => String[1],
identity_admin_user => String[1],
identity_admin_password => String[1],
# redis passwords
redis_password => String[1],
assessor_update_check_interval => String[1],
data_retention_period => String[1],
fact_update_check_interval => String[1],
# assessor info
user_assessor_version => String[1],
hasura_admin_secret => String[1],
pe => String,
log_level => Enum['info', 'warn', 'debug'],
ca_crt => String,
tls_crt => String,
tls_key => String,
cert_chain => String,
private_key => String,
crl => String,
}]
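An added example, not module code, showing what the Struct above enforces on a customer's hiera data for a subset of its keys (targets, the database credentials, resolvable_hostname, runtime, install_runtime, secret_key, backup_dir, containers.postgres and log_level): required keys must be present, Optional keys may be absent, String[16] is a minimum length, Enum restricts values, and keys not in the Struct are rejected. The checker's error format (path-prefixed strings) and the constructed sample configuration are this example's own; the remaining Hiera_config keys are not modelled here.

```ruby
# Added example: a small checker for a subset of Complyadm::Hiera_config.
# Not module code; error format and the sample config are constructed.
module HieraCheck
  Opt = Struct.new(:type)

  def self.optional(type)
    Opt.new(type)
  end

  def self.string(min = 0)
    ->(v) { v.is_a?(String) && v.length >= min ? [] : ["expected String[#{min}]"] }
  end

  def self.integer(min)
    ->(v) { v.is_a?(Integer) && v >= min ? [] : ["expected Integer[#{min}]"] }
  end

  def self.boolean
    ->(v) { [true, false].include?(v) ? [] : ['expected Boolean'] }
  end

  def self.enum(*allowed)
    ->(v) { allowed.include?(v) ? [] : ["expected one of #{allowed.inspect}"] }
  end

  def self.array_of(type)
    lambda do |v|
      return ['expected Array'] unless v.is_a?(Array)
      v.each_with_index.flat_map { |e, i| check(type, e).map { |err| "[#{i}]: #{err}" } }
    end
  end

  # Optional[T] accepts undef/nil or a value of T.
  def self.check(type, value)
    return type.call(value) unless type.is_a?(Opt)
    value.nil? ? [] : check(type.type, value)
  end

  # Struct: every non-Optional key is required, unknown keys are rejected,
  # and nested errors are prefixed with the key path.
  def self.struct(fields)
    lambda do |v|
      return ['expected Hash'] unless v.is_a?(Hash)
      errors = (v.keys - fields.keys).map { |k| "#{k}: unexpected key" }
      fields.each do |name, type|
        if v.key?(name)
          errors += check(type, v[name]).map { |err| "#{name}: #{err}" }
        elsif !type.is_a?(Opt)
          errors << "#{name}: missing required key"
        end
      end
      errors
    end
  end

  POSTGRES = struct(
    'log_level' => optional(enum('INFO', 'NOTICE', 'WARNING', 'ERROR')),
    'max_log_size_mb' => optional(integer(1)),
    'keep_log_files' => optional(integer(0)),
    'extra_parameters' => optional(string(1))
  )

  # Subset of the Complyadm::Hiera_config Struct shown above.
  HIERA_CONFIG = struct(
    'targets' => struct('backend' => array_of(string(1)), 'database' => array_of(string(1)),
                        'ui' => array_of(string(1))),
    'admin_db_password' => string(1),
    'comply_db_password' => string(1),
    'comply_db_username' => optional(string(1)),
    'identity_db_password' => string(1),
    'identity_db_username' => optional(string(1)),
    'resolvable_hostname' => string(1),
    'runtime' => optional(enum('docker', 'podman')),
    'install_runtime' => optional(boolean),
    'secret_key' => string(16),
    'backup_dir' => optional(string(1)),
    'containers' => optional(struct('postgres' => optional(POSTGRES))),
    'log_level' => enum('info', 'warn', 'debug')
  )

  # Constructed sample configuration (not real credentials).
  SAMPLE = {
    'targets' => { 'backend' => ['comply.example.test'], 'database' => ['comply.example.test'],
                   'ui' => ['comply.example.test'] },
    'admin_db_password' => 'constructed-admin-password',
    'comply_db_password' => 'constructed-comply-password',
    'identity_db_password' => 'constructed-identity-password',
    'resolvable_hostname' => 'comply.example.test',
    'runtime' => 'podman',
    'secret_key' => 'constructed-32-byte-secret-value',
    'containers' => { 'postgres' => { 'log_level' => 'WARNING', 'max_log_size_mb' => 100 } },
    'log_level' => 'info'
  }.freeze

  def self.validate(config)
    HIERA_CONFIG.call(config)
  end
end
```

`HieraCheck.validate(HieraCheck::SAMPLE)` returns an empty array; a secret_key shorter than 16 characters, a runtime other than docker or podman, a misspelled key, or a postgres log_level outside the listed Enum each come back as a single path-qualified error, which is the same class of failure Puppet would report when the Struct is enforced.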
Complyadm::Roles
The Complyadm::Roles data type.
Alias of
Struct[{
backend => Struct[{
services => Struct[{
comply_graphql => Complyadm::Config::Comply_graphql,
comply_scarpy => Complyadm::Config::Comply_scarpy,
comply_redis => Complyadm::Config::Comply_redis,
comply_identity => Complyadm::Config::Comply_identity,
comply_gatekeeper => Complyadm::Config::Comply_gatekeeper,
comply_frontdoor => Complyadm::Config::Comply_frontdoor,
comply_mtls_proxy => Complyadm::Config::Comply_mtls_proxy,
comply_graphql_init => Complyadm::Config::Comply_graphql_init,
comply_scarpy_assessor_init => Complyadm::Config::Comply_scarpy_assessor_init,
comply_scarpy_init => Complyadm::Config::Comply_scarpy_init,
comply_assessor_upgrade => Complyadm::Config::Comply_assessor_upgrade,
}],
targets => Array[Target],
}],
database => Struct[{
services => Struct[{
comply_postgres => Complyadm::Config::Comply_postgres,
}],
targets => Array[Target],
}],
ui => Struct[{
services => Struct[{
comply_ui => Complyadm::Config::Comply_ui,
comply_ui_assessor_init => Complyadm::Config::Comply_ui_assessor_init,
}],
targets => Array[Target],
}],
}]
Complyadm::Runtime
Supported Comply runtimes. For further information on supported runtimes, visit https://www.puppet.com/docs/comply/3.x/comply.html
Alias of Enum['docker', 'podman']
Complyadm::Support_bundle::Database_info
The Complyadm::Support_bundle::Database_info data type.
Alias of
Struct[{
container_name => String[1],
database_user => String[1],
}]
Complyadm::Support_bundle::Journald_services
The Complyadm::Support_bundle::Journald_services data type.
Alias of
Struct[{
role_name => String[1],
services => Array[String[1]],
}]
Tasks
backup
Back up the target system's Comply installation
Supports noop? false
Parameters
runtime
Data type: Complyadm::Runtime
Comply container runtime
backup_dir
Data type: String[1]
The directory on the target where the backups are stored
database_info
Data type: Complyadm::Support_bundle::Database_info
Information on the database to back up.
image
Data type: String[1]
The comply_postgres image on the target system. Used to determine the version of Comply, and run volume tar backups.
version
Data type: String[1]
The version of the comply module used to create the backup.
volumes
Data type: Array[Hash[String[1], String[1]]]
The docker volumes on the target that should be included in the backup
collect_target_info
Collect troubleshooting info from a Comply target
Supports noop? false
Parameters
runtime
Data type: Complyadm::Runtime
Comply container runtime
journald_services
Data type: Array[Complyadm::Support_bundle::Journald_services]
Collect Journald logs for services grouped by the role name.
database_info
Data type: Optional[Complyadm::Support_bundle::Database_info]
If provided, will collect data from the database which is assumed to be running.
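As an added example (not part of the complyadm module), a Bolt plan that wraps the collect_target_info task so that the journald_services and database_info arguments are type-checked against the Complyadm::Support_bundle data types documented above before the task runs; the plan name, the role and service names, and the database container and user are assumed placeholders.

```puppet
# Added example, not part of the complyadm module: wraps
# complyadm::collect_target_info in a plan so the typed parameters are
# validated before the task executes on the target.
plan myorg::comply_troubleshoot(
  TargetSpec $targets,
  # Complyadm::Runtime is the module's Enum['docker', 'podman'] alias
  Complyadm::Runtime $runtime = 'podman',
  # Assumed placeholder values; adjust to the local installation
  String[1] $database_container = 'comply_postgres',
  String[1] $database_user = 'postgres',
) {
  # One entry per role, matching Complyadm::Support_bundle::Journald_services;
  # the role and unit names here are assumed placeholders
  $journald_services = [
    { 'role_name' => 'database', 'services' => [$database_container] },
    { 'role_name' => 'ui',       'services' => ['comply_ui'] },
  ]

  # Matches Complyadm::Support_bundle::Database_info
  $database_info = {
    'container_name' => $database_container,
    'database_user'  => $database_user,
  }

  $results = run_task('complyadm::collect_target_info', $targets,
    'runtime'           => $runtime,
    'journald_services' => $journald_services,
    'database_info'     => $database_info,
    '_catch_errors'     => true,
  )

  # Report every failing target instead of aborting on the first error
  unless $results.ok {
    $results.error_set.each |$r| {
      out::message("collect_target_info failed on ${r.target.name}: ${r.error.message}")
    }
    fail_plan('collect_target_info failed on one or more targets')
  }

  return $results
}
```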
migrate_secrets
Migrate secrets from a 2.X system into a new 3.X system.
Supports noop? false
Parameters
runtime
Data type: Complyadm::Runtime
Comply container runtime
salt
Data type: String[1]
The 2.X personal access token salt.
pepper
Data type: String[1]
The 2.X pepper.
restore
Restore the target system's Comply installation using the given backup
Supports noop? false
Parameters
runtime
Data type: Complyadm::Runtime
Comply container runtime
backup_dir
Data type: String[1]
The directory on the target where the backups are stored
backup_archive
Data type: String[1]
The backup archive file to use for the restore
database_info
Data type: Complyadm::Support_bundle::Database_info
Details on the Comply database
database_image
Data type: String[1]
The comply_postgres image on the target system. Used to restore the DB.
assessor_image
Data type: String[1]
The assessor image on the target system. Used to restore volumes.
uninstall
Uninstall Comply
Supports noop? false
Parameters
runtime
Data type: Complyadm::Runtime
Comply container runtime
backup_dir
Data type: String[1]
The directory on the target where the backups are stored
containers
Data type: Array[Hash[String[1], Variant[String[1], Undef, Boolean, Hash, Tuple]]]
The name and volume associated with each container to delete
update_database_configuration
Run an SQL statement against the supplied bitnami/postgresql database container
Supports noop? false
Parameters
runtime
Data type: Complyadm::Runtime
Comply container runtime
database_info
Data type: Complyadm::Support_bundle::Database_info
If provided, will collect data from the database which is assumed to be running.
sql
Data type: String[1]
The SQL to run to update the database configuration
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v3.2.1 (2024-09-02)
Added
- CISC-6910 Remove need for CRL within frontdoor/ui #201 (seamymckenna)
- CISC-6909 Update module metadata #200 (seamymckenna)
Fixed
- (CISC-6897) Fix Migration issue following oauth2-proxy image bump #199 (seamymckenna)
v3.2.0 (2024-08-16)
Added
v3.1.0 (2024-06-27)
Added
- (CISC-6760) Update Upgrade Sequencing #172 (seamymckenna)
- (CISC-6718) Use complyadm metadata version in UI #169 (seamymckenna)
- (CISC-6699) Assessor 4.42.0 update #162 (seamymckenna)
- (CISC-6719) Update TLS Cert Validation #161 (seamymckenna)
- (CISC-6697) Allow user to proceed if TLS cert validation fails #158 (seamymckenna)
- (CISC-6663) Add pdk validation #154 (seamymckenna)
Fixed
- (CISC-6713) Remove Storing of Podman IP's #157 (seamymckenna)
v3.0.3 (2024-06-07)
v3.0.2 (2024-05-16)
Fixed
- (CISC-6687) Update graphql_init environment #153 (cliveweir)
- (CISC-6680) Fix typo in upgrade plan #152 (cliveweir)
- (CISC-6677) Remove unused code in database installation role #151 (cliveweir)
- (CISC-6671) Create dump_root directory if it doesn't exist #149 (cliveweir)
v3.0.1 (2024-05-07)
v3.0.0 (2024-05-02)
Added
- (CISC-3264) Initial commit, upload images #1 (seamymckenna)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs-docker (>= 5.1.0 <= 10.1.0)
- puppetlabs-pkcs7 (>= 0.1.2 <= 0.1.2)
- puppetlabs-yumrepo_core (>= 2.1.0 <= 2.1.0)
- puppetlabs-puppet_agent (>= 4.0.0 <= 4.21.0)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2. Grant of Copyright License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

3. Grant of Patent License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

4. Redistribution.

You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions.

Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks.

This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty.

Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability.

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability.

While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.