From 73a0e413de867b8f6eb388e5c4dadbd3339d92c0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 28 Sep 2022 23:44:58 +0200 Subject: [PATCH] Release prep v1.1.6 (#75) Co-authored-by: GitHub Action --- CHANGELOG.md | 299 +++++++++++++++++++++++++++++ REFERENCE.md | 517 ++++++++++++++++++++++++++++++++++++++++++++++---- metadata.json | 2 +- pdk.yaml | 2 + 4 files changed, 778 insertions(+), 42 deletions(-) create mode 100644 pdk.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index b63c508..43ca2ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1 +1,300 @@ # Change log + +All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). + +## [v1.1.6](https://github.com/puppetlabs/puppetlabs-patching_as_code/tree/v1.1.6) (2022-09-28) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-patching_as_code/compare/v1.1.5...v1.1.6) + +### Fixed + +- fix release versions to match tags [\#74](https://github.com/puppetlabs/puppetlabs-patching_as_code/pull/74) ([binford2k](https://github.com/binford2k)) +- improved logic for pre\_reboot\_commands [\#73](https://github.com/puppetlabs/puppetlabs-patching_as_code/pull/73) ([kreeuwijk](https://github.com/kreeuwijk)) +- setting up history for auto changelog generation [\#72](https://github.com/puppetlabs/puppetlabs-patching_as_code/pull/72) ([binford2k](https://github.com/binford2k)) + +# Changelog + +All notable changes to this project will be documented in this file. + +## v1.1.5 + +**Improvements** +- Added support for RHEL 9 in the reboot detection script. + +## v1.1.4 + +**Improvements** +- Added support for matching against full process arguments for the `patching_as_code::unsafe_process_list`. + +## v1.1.3 + +**Bugfixes** +- No longer logs `Puppet Unknown variable: 'reboot'` on runs outside of the patch day. + +**Improvements** +- Correctly handles multi-architecture package updates, e.g. when there is an update for both the `i686` and `x86_64` version of a package. + +## v1.1.2 + +**Bugfixes** +- Fixes a bug that caused High Priority OS patches for Windows not to be installed, due to the wrong variable being used. + +**Improvements** +- Deduplicates the list of installed patches on the last run, reported in the `patching_as_code` fact. + +## v1.1.1 + +**Improvements** +- Fix incorrect YAML code markers in `README.md`. + +## v1.1.0 + +**Features** +- Adds support for high priority patches on an alternate patch schedule. +- Adds `high_priority_only` parameter to the `patching_as_code` class, for compatibility with the `puppetlabs/change_window` module. + +**Improvements** +- Ensures the last_run fact data only gets written during the patch window. + +## v1.0.5 + +**Bugfixes** +- Moves the location of the `patching_as_code` fact content to `/opt/puppetlabs/patching_as_code` (or `%ProgramData%\PuppetLabs\patching_as_code` on Windows), to remove a dependency on `pe_patch/os_patching` creating the directory where the last_run file content can be stored. +- Fixes an incompatibility with `os_patching` that was caused by the wrong directory being assumed for the `patching_as_code` fact content when using `os_patching`. + +## v1.0.4 + +**Features** +- Added a `patching_as_code` fact that details the date & time of the last successful patch run, as well as which packages were installed. + +## v1.0.3 + +**Bugfixes** +- No longer adds `Exec[Patching as Code - Clean Cache]` to the `require` metaparameter of managed Chocolatey package resources that will be patched. + +## v1.0.2 + +**Improvements** +- Split the `allowlist` and `blacklist` to have dedicated lists for Chocolatey, with the new `allowlist_choco` and `blacklist_choco` parameters. These new parameters now must be used for Chocolatey packages, the regular `allowlist` and `blacklist` will not affect Chocolatey packages anymore. +- Pending OS reboots will now no longer occur if `enable_patching` has been changed to `false`. This is to enable the `enable_patching` parameter being used as a single switch to ensure that no disruptive action can happen at all. + +## v1.0.1 + +**Bugfixes** +- Improved processing of the `patching_as_config_choco` fact, to ensure backwards compatibility with Facter 3. +- The `patching_as_config_choco` fact now no longer errors on a system that does not have `patching_as_config` enabled. + +## v1.0.0 + +**Features** +- Added ability to update Chocolatey packages as part of the patching run, by setting `patch_choco => true`. Allowlist & blocklist settings will be applied to Chocolatey packages as well. + +**Improvements** +- Enable control of behavior for automatic uploading of facts by the `pe_patch` and `os_patching` modules (contributed by @prolixalias) +- Fix cause of deprecation message `Calling function empty() with Numeric value is deprecated` (contributed by @prolixalias) + +## v0.7.11 + +**Improvements** +- Deduplicates the list of patches to install, preventing any possible duplicate resource declarations if the list of patches to install contains the same patch more than once for any reason + +## v0.7.10 + +**Improvements** +- Allow reinstalls of KB4052623 as these are also monthly AV definition updates + +## v0.7.9 + +**Bugfixes** +- Correct KB2267202 to KB2267602 + +## v0.7.8 + +**Improvements** +- Allow reinstalls of KB2267202 and KB2461484 as these are monthly AV definition updates + +## v0.7.7 + +**Bugfixes** +- Removed a dependency on the `patching_as_code_config` fact inside of the `is_patchday()` function, preventing possible catalog compilation failures as a result of the `patching_as_code_config` fact not yet existing for new agents. + +## v0.7.6 + +**Bugfixes** +- Account for the `patching_as_code_utc_offset` fact to be empty in some situations + +## v0.7.5 + +**Improvements** +- Now correctly adjusts for timezone differences between the Puppet Server and the managed node, ensuring that the local node time & date gets used to calculate if today is patch day. +- Now logs messages in the Puppet Server log to report the calculated local node time & day, as well as whether or not today is patch day for the node. + +## v0.7.4 + +**Bugfixes** +- Fixes a missing `schedule` metaparameter for the `Notify[Patching as Code - Update Fact]`, which would cause the `pe_patch` fact to update at every Puppet run during the patch day, instead of only during the maintenance window. + +## v0.7.3 + +**Bugfixes** +- Correctly handles package declarations where the title of the package resource does not match the name of the package. + +## v0.7.2 + +**Improvements** +- The pre-patch reboot in case of any pending reboots now happens also if it is patchday but there are no patches to install. This facilitates parallel patching tools to have installed patches before Puppet's patch window, with Puppet performing the actual reboot. + +## v0.7.1 + +**Improvements** +- Adopted the `eval_generate` function in the `patch_package` type to ensure that newly generated `package` resources become children of the `patching_as_code::linux::patchday` class. This provides better context for these package resources, which can be leveraged in external reporting tools (e.g. Splunk). +- Simplified the `patch_package` type, removed capabilities that are no longer needed +- Moved the logic to trigger the patch fact refresh to the main manifest +- Simplified the patchday classes + +## v0.7.0 + +**Features** +- Moves the post-patch reboot logic to its own stage (`patch_reboot`), which runs after the `main` stage. This should ensure that reboots only happen at the end of the Puppet run. +- Removed the `notify` logic for triggering the reboots from installed patches, in favor of handling the reboot logic in the new `patch_reboot` stage. +- Deduplicated the calling of the Exec resource that refreshes the patch fact, ensuring this only happens once now. + +## v0.6.2 + +**Features** +- Adds support for setting the value `Any` to the `day_of_week` parameter in a patch schedule + +## v0.6.1 + +**Bugfixes** +- Removed the `weekday` attribute of the `schedule` resource that this module uses internally to restrict when patches can be applied. In certain edge cases where the Puppet server is in a very different timezone from a managed node, there can be a 1 day date difference between the two systems. This creates a scenario where the node never receives a valid patch schedule. By removing the `weekday` parameter from the `schedule` resource, this can no longer occur. Other logic still protects the actual day on which the patching is allowed so this parameter wasn't necessary. + +## v0.6.0 + +**Features** +- Adds support for providing an array of values to the `patch_group` attribute of the `patching_as_code` class +- Adds support for providing an array of values to the `count_of_week` parameter in a patch schedule + +## v0.5.0 + +**Features** +- Removes dependency on the `windows_updates` module, we can now install Windows Updates natively +- Adds a Task to install a Windows Update over WinRM or PCP +- Updates the PDK to 2.0.0 +- No longer fails the resource if the Windows Update is no longer available/applicable for the node +- Write a `patching_as_code_config` fact that reports configuration state +- Support security-only patching via a new `security_only` parameter to the class. This works for Linux today, but requires a not-yet shipped update to `pe_patch` for Windows +- Preparations for being able to run `patching_as_code` as a plan, not yet active. + +## v0.4.3 + +**Bugfixes** +- Ensure `yum-utils` package on all RedHat/CentOS versions, not just 8 +- Use `ensure_packages()` for safer enforcement of `yum-utils` package + +## v0.4.2 + +**Bugfixes** +- Account for `$facts['operatingsystemmajrelease']` returning a string instead of an integer + +## v0.4.1 + +**Bugfixes** +- For parsing the result of `/usr/bin/needs-restarting -r` in CentOS 7/8, the script was `if [ $? -eq 0 ]` instead of `if [ $? -eq 1 ]`, which caused the logic to be flipped. + +## v0.4.0 + +**Features** +- Completely rewrote the reboot behavior, so that pending reboot detections fully works both before patching and after patching, in the same Puppet run. There is no more dependency on the `reboots.reboot_required` portion of the `pe_patch`/`os_patching` fact, all logic is now internal and no longer requires multiple Puppet runs. +- Changed the default schedules to `reboot: ifneeded` (was `reboot: always`), now that the pending reboot logic has improved so much +- Ensured that pre_reboot commands will now trigger when necessary (only one scenario can happen at a time): + - when an OS pending reboot is detected at the start of a run (before patching) + - when an OS pending reboot is detected at the end of a run (after patching) +- Forced pre_reboot commands (which are essentially Exec resources) to use the `posix` provider on Linux and the `powershell` provider on Windows, so that the pending reboot detection logic can be injected to the resource dynamically. + +## v0.3.0 + +**Features** +- Rewrote updating of Linux packages to use a custom type (`patch_package`), which dynamically updates and/or creates `package` resources for patching in the catalog on the agent side. This ensures no duplicate package declarations can occur on the server side, due to the parsing-order dependency of `defined()` and `defined_with_params()`. Neither of these functions are used anymore. + +## v0.2.9 + +**Bugfixes** +- Also protect against duplicate package declarations when `ensure` is set to a version. This isn't 100% bulletproof as the check is parse-order-dependent, but will work in most cases. + +## v0.2.8 + +**Bugfixes** +- Ensured Linux patches cannot cause duplicate declarations + +## v0.2.7 + +**Bugfixes** +- Added dependency to `puppetlabs/puppet_agent` to the module's metadata + +## v0.2.6 + +**Features** +- Added a `patch_unsafe_process_active` custom fact that reflects if any process from the `unsafe_process_list` parameter was found active on the system. +- Added a `unsafe_process_list` parameter to the `patching_as_code` class, which defines processes for the system that must cause patching to be skipped if any of those processes are active. Defaults to an empty array. + +## v0.2.5 + +**Features** +- Added cache cleanup for other providers (dnf, apt, zypper) +- Added refresh of `pe_patch::fact::exec` / `os_patching::fact::exec` resources, to auto-update patch state after patching. This prevents unneccesary patching runs that perform no updates + +**Bugfixes** +- Increased reboot delay after patching from 1 to 5 minutes, to account for remaining activities in the Puppet run + +## v0.2.4 + +**Bugfixes** +- Fixes the datatype of the `metered_link` fact, this was expected to be Boolean but got reported as a String, causing the logic to break. + +## v0.2.3 + +**Features** +- Added a `metered_link` custom fact that detects metered network connections on Windows +- Added a `patch_on_metered_links` parameter to the `patching_as_code` class, which controls if patches are installed when running over a metered link (Windows only). Defaults to `false`. + +## v0.2.2 + +**Features** +- This update ensures that patching_as_code defaults to NOT classify the pe_patch class on PE 2019.8.0, so that you can use the builtin "PE Patch Management" node group(s) to classify pe_patch. Since UI will be further improved in PE for this, it makes sense that this would be the leading way to classify pe_patch. This module can still be given control over pe_patch, as described in the updated Readme. +- The blacklist and whitelist have been renamed to blocklist and allowlist. +- Documentation has been updated, with a reference for the main manifest. + +## v0.2.1 + +**Bugfixes** +Ensure pre/post-patching & pre-reboot commands use the same schedule + +## v0.2.0 + +Fixes pending reboot logic, adds pre/post-patching & pre-reboot command support + +**Features** +- Ensures pending reboots are handled correctly, skipping patch installs completely +- Allows defining `Exec` resources dynamically for pre/post-patching & pre-reboot commands +- Refactors reboot logic into main manifest + +**Known Issues** +Tested on Windows 2016 and 2019, and CentOS 7 + +## v0.1.0 + +Initial release + +**Features** +- Integrates with `albatrossflavour/os_patching` and `puppetlabs/pe_patch` +- Customizable patch windows +- Patch window based on Nth weekday in the month +- Reboot control +- Yum clean support + +**Known Issues** +Tested on Windows 2016 and 2019, and CentOS 7 + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/REFERENCE.md b/REFERENCE.md index 85b3dac..9d5b023 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,15 +1,42 @@ # Reference + ## Table of Contents -**Classes** +### Classes * [`patching_as_code`](#patching_as_code): Framework for patch management as code. Works alongside the puppetlabs/pe_patch or albatrossflavour/os_patching modules +* [`patching_as_code::high_prio_reboot`](#patching_as_codehigh_prio_reboot): Class: patching_as_code::high_prio_reboot +* [`patching_as_code::linux::patchday`](#patching_as_codelinuxpatchday): Class: patching_as_code::linux::patchday Performs the actual patching on Linux +* [`patching_as_code::reboot`](#patching_as_codereboot): Class: patching_as_code::reboot +* [`patching_as_code::windows::patchday`](#patching_as_codewindowspatchday): Class: patching_as_code::windows::patchday Performs the actual patching on Windows +* [`patching_as_code::wu`](#patching_as_codewu): class patching_as_code::wu + +### Defined types + +* [`patching_as_code::kb`](#patching_as_codekb): define patching_as_code::kb + +### Resource types + +* [`patch_package`](#patch_package): Define a package resource to patch +* [`reboot_if_pending`](#reboot_if_pending): Perform a clean reboot if it was pending before this agent run + +### Functions + +* [`patching_as_code::dedupe_arch`](#patching_as_codededupe_arch) +* [`patching_as_code::high_prio_last_run`](#patching_as_codehigh_prio_last_run) +* [`patching_as_code::is_patchday`](#patching_as_codeis_patchday) +* [`patching_as_code::last_run`](#patching_as_codelast_run) +* [`patching_as_code::process_patch_groups`](#patching_as_codeprocess_patch_groups) + +### Tasks + +* [`install_kb`](#install_kb): Immediately installs a specific KB update ## Classes -### patching_as_code +### `patching_as_code` Framework for patch management as code. Works alongside the puppetlabs/pe_patch or albatrossflavour/os_patching modules @@ -39,16 +66,41 @@ class {'patching_as_code': #### Parameters -The following parameters are available in the `patching_as_code` class. - -##### `patch_group` - -Data type: `Variant[String,Array[String]]` - +The following parameters are available in the `patching_as_code` class: + +* [`Variant`](#Variant) +* [`patch_schedule`](#patch_schedule) +* [`blocklist`](#blocklist) +* [`allowlist`](#allowlist) +* [`blocklist_choco`](#blocklist_choco) +* [`allowlist_choco`](#allowlist_choco) +* [`high_priority_patch_group`](#high_priority_patch_group) +* [`high_priority_list`](#high_priority_list) +* [`high_priority_list_choco`](#high_priority_list_choco) +* [`unsafe_process_list`](#unsafe_process_list) +* [`pre_patch_commands`](#pre_patch_commands) +* [`post_patch_commands`](#post_patch_commands) +* [`pre_reboot_commands`](#pre_reboot_commands) +* [`fact_upload`](#fact_upload) +* [`plan_patch_fact`](#plan_patch_fact) +* [`enable_patching`](#enable_patching) +* [`security_only`](#security_only) +* [`high_priority_only`](#high_priority_only) +* [`use_pe_patch`](#use_pe_patch) +* [`classify_pe_patch`](#classify_pe_patch) +* [`patch_on_metered_links`](#patch_on_metered_links) +* [`patch_group`](#patch_group) +* [`patch_choco`](#patch_choco) + +##### `Variant` + +Data type: `String, Array[String]` + +patch_group Name(s) of the patch_group(s) for this node. Must match one or more of the patch groups in $patch_schedule To assign multiple patch groups, provide this parameter as an array -##### `patch_schedule` +##### `patch_schedule` Data type: `Hash` @@ -56,63 +108,63 @@ Hash of available patch_schedules. Default schedules are in /data/common.yaml of Options: -* **:day_of_week** `String`: Day of the week to patch, valid options: 'Any', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday' +* **:day_of_week** `String`: Day of the week to patch, valid options: 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday' * **:count_of_week** `Variant[Integer,Array[Integer]]`: Which week(s) in the month to patch, use number(s) between 1 and 5 * **:hours** `String`: Which hours on patch day to patch, define a range as 'HH:MM - HH:MM' * **:max_runs** `String`: How many Puppet runs during the patch window can Puppet install patches. Must be at least 1. * **:reboot** `String`: Reboot behavior, valid options: 'always', 'never', 'ifneeded' -##### `blocklist` +##### `blocklist` Data type: `Array` List of updates to block from installing -##### `allowlist` +##### `allowlist` Data type: `Array` List of updates that are allowed to be installed. Any updates not on this list get blocked. -##### `blocklist_choco` +##### `blocklist_choco` Data type: `Array` List of Chocolatey updates to block from installing -##### `allowlist_choco` +##### `allowlist_choco` Data type: `Array` List of Chocolatey updates that are allowed to be installed. Any Chocolatey updates not on this list get blocked. -##### `high_priority_patch_group` +##### `high_priority_patch_group` Data type: `String` Name of the high_priority_patch_group for this node. Must match a patch group in `$patch_schedule` This patch schedule will only be used for patches in the `$high_priority_list`. -##### `high_priority_list` +##### `high_priority_list` Data type: `Array` List of updates to install on the patch schedule set by `$high_priority_patch_group`. -##### `high_priority_list_choco` +##### `high_priority_list_choco` Data type: `Array` List of Chocolatey updates to install on the patch schedule set by `$high_priority_patch_group`. -##### `unsafe_process_list` +##### `unsafe_process_list` Data type: `Array` List of processes that will cause patching to be skipped if any of the processes in the list are active on the system. Prepend an entry with `{full}` to match against the full process arguments. -##### `pre_patch_commands` +##### `pre_patch_commands` Data type: `Hash` @@ -124,7 +176,7 @@ Options: * **:path** `String`: The path for the command * **:provider** `String`: The provider for the command -##### `post_patch_commands` +##### `post_patch_commands` Data type: `Hash` @@ -136,7 +188,7 @@ Options: * **:path** `String`: The path for the command * **:provider** `String`: The provider for the command -##### `pre_reboot_commands` +##### `pre_reboot_commands` Data type: `Hash` @@ -146,10 +198,9 @@ Options: * **:command** `String`: The pre-reboot command to execute * **:path** `String`: The path for the command +* **:provider** `String`: The provider for the command -Note: the provider for the command gets forced to `posix` on Linux and `powershell` on Windows - -##### `fact_upload` +##### `fact_upload` Data type: `Optional[Boolean]` @@ -157,36 +208,37 @@ How os_patching/pe_patch handles changes to fact cache. Defaults to true. When true (default), `puppet fact upload` occurs as expected When false, changes to fact cache are not uploaded -Default value: `true` +Default value: ``true`` -##### `plan_patch_fact` +##### `plan_patch_fact` Data type: `Optional[String]` Reserved parameter for running `patching_as_code` via a Plan (future functionality). -Default value: `undef` +Default value: ``undef`` -##### `enable_patching` +##### `enable_patching` Data type: `Optional[Boolean]` -Controls if `patching_as_code` is allowed to install any updates. Can be used to disable patching with a single override. +Controls if `patching_as_code` is allowed to install any updates. +Can be used to disable patching with a single override. -Default value: `true` +Default value: ``true`` -##### `security_only` +##### `security_only` Data type: `Optional[Boolean]` Install only security updates. Requires latest version of Puppet Enterprise to work on Windows. When using `os_patching`, security updates can only be applied to Linux. -If patching of Chocolatey packages is enabled, Chocolatey packages will still update even if +If patching of Chocolatey packages is enabled, those packages will still update even if `security_only` is set to `true`. -Default value: `false` +Default value: ``false`` -##### `high_priority_only` +##### `high_priority_only` Data type: `Optional[Boolean]` @@ -195,17 +247,17 @@ regular patches from being installed, and will skip a pending reboot at the begi run if a pending reboot is detected. A pending reboot may still happen at the end of the patch run, as long as the patch schedule set by `$high_priority_patch_group` allows reboots to occur. -Default value: `false` +Default value: ``false`` -##### `use_pe_patch` +##### `use_pe_patch` Data type: `Optional[Boolean]` Use the pe_patch module if available (PE 2019.8+). Defaults to true. -Default value: `true` +Default value: ``true`` -##### `classify_pe_patch` +##### `classify_pe_patch` Data type: `Optional[Boolean]` @@ -216,9 +268,9 @@ When disabled (default), you can use PE's own "PE Patch Management" groups to classify nodes with pe_patch. In that case, please make sure you match the patch_group variable in pe_patch with the patch_group in patching_as_code -Default value: `false` +Default value: ``false`` -##### `patch_on_metered_links` +##### `patch_on_metered_links` Data type: `Optional[Boolean]` @@ -227,4 +279,387 @@ metered link. This setting only has affect for Windows operating systems. When enabled, patching are installed even over a metered link. When disabled (default), patches are not installed over a metered link. -Default value: `false` +Default value: ``false`` + +##### `patch_group` + +Data type: `Variant[String,Array[String]]` + + + +##### `patch_choco` + +Data type: `Optional[Boolean]` + + + +Default value: ``false`` + +### `patching_as_code::high_prio_reboot` + +Class: patching_as_code::high_prio_reboot + +#### Parameters + +The following parameters are available in the `patching_as_code::high_prio_reboot` class: + +* [`reboot_if_needed`](#reboot_if_needed) +* [`reboot_delay`](#reboot_delay) + +##### `reboot_if_needed` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### `reboot_delay` + +Data type: `Integer` + + + +Default value: `120` + +### `patching_as_code::linux::patchday` + +Class: patching_as_code::linux::patchday +Performs the actual patching on Linux + +#### Parameters + +The following parameters are available in the `patching_as_code::linux::patchday` class: + +* [`updates`](#updates) +* [`choco_updates`](#choco_updates) +* [`high_prio_updates`](#high_prio_updates) +* [`high_prio_choco_updates`](#high_prio_choco_updates) + +##### `updates` + +Data type: `Array` + + + +##### `choco_updates` + +Data type: `Array` + + + +Default value: `[]` + +##### `high_prio_updates` + +Data type: `Array` + + + +Default value: `[]` + +##### `high_prio_choco_updates` + +Data type: `Array` + + + +Default value: `[]` + +### `patching_as_code::reboot` + +Class: patching_as_code::reboot + +#### Parameters + +The following parameters are available in the `patching_as_code::reboot` class: + +* [`reboot_if_needed`](#reboot_if_needed) +* [`reboot_delay`](#reboot_delay) + +##### `reboot_if_needed` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### `reboot_delay` + +Data type: `Integer` + + + +Default value: `120` + +### `patching_as_code::windows::patchday` + +Class: patching_as_code::windows::patchday +Performs the actual patching on Windows + +#### Parameters + +The following parameters are available in the `patching_as_code::windows::patchday` class: + +* [`updates`](#updates) +* [`choco_updates`](#choco_updates) +* [`high_prio_updates`](#high_prio_updates) +* [`high_prio_choco_updates`](#high_prio_choco_updates) + +##### `updates` + +Data type: `Array` + + + +##### `choco_updates` + +Data type: `Array` + + + +##### `high_prio_updates` + +Data type: `Array` + + + +Default value: `[]` + +##### `high_prio_choco_updates` + +Data type: `Array` + + + +Default value: `[]` + +### `patching_as_code::wu` + +class patching_as_code::wu + +## Defined types + +### `patching_as_code::kb` + +define patching_as_code::kb + +#### Parameters + +The following parameters are available in the `patching_as_code::kb` defined type: + +* [`ensure`](#ensure) +* [`kb`](#kb) +* [`maintwindow`](#maintwindow) + +##### `ensure` + +Data type: `Any` + + + +Default value: `'enabled'` + +##### `kb` + +Data type: `Any` + + + +Default value: `$name` + +##### `maintwindow` + +Data type: `Any` + + + +Default value: ``undef`` + +## Resource types + +### `patch_package` + +Define a package resource to patch + +#### Parameters + +The following parameters are available in the `patch_package` type. + +* [`chocolatey`](#chocolatey) +* [`name`](#name) +* [`patch_window`](#patch_window) + +##### `chocolatey` + +Whether this is a Chocolatey package (Windows only) + +##### `name` + +namevar + +Name of the package to patch + +##### `patch_window` + +Puppet schedule to link package resource to + +### `reboot_if_pending` + +Perform a clean reboot if it was pending before this agent run + +#### Parameters + +The following parameters are available in the `reboot_if_pending` type. + +* [`name`](#name) +* [`os`](#os) +* [`patch_window`](#patch_window) + +##### `name` + +namevar + +Name of this resource (has no function) + +##### `os` + +OS type from kernel fact + +##### `patch_window` + +Puppet schedule to link the reboot resource to + +## Functions + +### `patching_as_code::dedupe_arch` + +Type: Ruby 4.x API + +The patching_as_code::dedupe_arch function. + +#### `patching_as_code::dedupe_arch(Array $patches)` + +The patching_as_code::dedupe_arch function. + +Returns: `Any` + +##### `patches` + +Data type: `Array` + + + +### `patching_as_code::high_prio_last_run` + +Type: Ruby 4.x API + +The patching_as_code::high_prio_last_run function. + +#### `patching_as_code::high_prio_last_run(Array $patches, Array $choco_patches)` + +The patching_as_code::high_prio_last_run function. + +Returns: `Any` + +##### `patches` + +Data type: `Array` + + + +##### `choco_patches` + +Data type: `Array` + + + +### `patching_as_code::is_patchday` + +Type: Puppet Language + +The patching_as_code::is_patchday function. + +#### `patching_as_code::is_patchday(Enum['Any','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday'] $day_of_week, Variant[Integer, Array] $week_iteration, String $patch_group)` + +The patching_as_code::is_patchday function. + +Returns: `Any` + +##### `day_of_week` + +Data type: `Enum['Any','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday']` + + + +##### `week_iteration` + +Data type: `Variant[Integer, Array]` + + + +##### `patch_group` + +Data type: `String` + + + +### `patching_as_code::last_run` + +Type: Ruby 4.x API + +The patching_as_code::last_run function. + +#### `patching_as_code::last_run(Array $patches, Array $choco_patches)` + +The patching_as_code::last_run function. + +Returns: `Any` + +##### `patches` + +Data type: `Array` + + + +##### `choco_patches` + +Data type: `Array` + + + +### `patching_as_code::process_patch_groups` + +Type: Puppet Language + +The patching_as_code::process_patch_groups function. + +#### `patching_as_code::process_patch_groups()` + +The patching_as_code::process_patch_groups function. + +Returns: `Any` + +## Tasks + +### `install_kb` + +Immediately installs a specific KB update + +**Supports noop?** false + +#### Parameters + +##### `kb` + +Data type: `Pattern[/^KB\d+$/]` + +The KB number of the patch you want to install (e.g. KB123456) + +##### `restart` + +Data type: `Boolean` + +Perform a restart after installing the patch + diff --git a/metadata.json b/metadata.json index 44b9058..37e7401 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-patching_as_code", - "version": "1.1.5", + "version": "1.1.6", "author": "puppetlabs", "summary": "Automated patching through desired state code", "license": "Apache-2.0", diff --git a/pdk.yaml b/pdk.yaml new file mode 100644 index 0000000..4bef4bd --- /dev/null +++ b/pdk.yaml @@ -0,0 +1,2 @@ +--- +ignore: []