diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 168a5cb..08c6abf 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,4 +1,3 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the
{
"name": "VoxBox",
"image": "ghcr.io/voxpupuli/voxbox:latest"
diff --git a/.msync.yml b/.msync.yml
index 179bafc..7d6d4ee 100644
--- a/.msync.yml
+++ b/.msync.yml
@@ -2,4 +2,4 @@
# Managed by modulesync - DO NOT EDIT
# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
-modulesync_config_version: '10.5.0'
+modulesync_config_version: '10.6.0'
diff --git a/Gemfile b/Gemfile
index 5f69bec..e0c8581 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@
source ENV['GEM_SOURCE'] || 'https://rubygems.org'
group :test do
- gem 'voxpupuli-test', '~> 13.0', :require => false
+ gem 'voxpupuli-test', '~> 14.0', :require => false
gem 'puppet_metadata', '~> 6.0', :require => false
end
@@ -18,7 +18,7 @@ group :system_tests do
end
group :release do
- gem 'voxpupuli-release', '~> 5.0', :require => false
+ gem 'voxpupuli-release', '~> 5.3', :require => false
end
gem 'rake', :require => false
diff --git a/REFERENCE.md b/REFERENCE.md
index b4bea79..747abc1 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -114,30 +114,40 @@ Options:
* **:max_runs** `String`: How many Puppet runs during the patch window can Puppet install patches. Must be at least 1.
* **:reboot** `String`: Reboot behavior, valid options: 'always', 'never', 'ifneeded'
+Default value: `{ 'weekly' => { 'day_of_week' => 'Thursday', 'count_of_week' => [1, 2, 3, 4, 5], 'hours' => '09:00 - 11:00', 'max_runs' => 4, 'reboot' => 'ifneeded' }, 'testing' => { 'day_of_week' => 'Thursday', 'count_of_week' => 2, 'hours' => '07:00 - 09:00', 'max_runs' => 4, 'reboot' => 'ifneeded' }, 'early' => { 'day_of_week' => 'Monday', 'count_of_week' => 3, 'hours' => '20:00 - 22:00', 'max_runs' => 4, 'reboot' => 'ifneeded' }, 'primary' => { 'day_of_week' => 'Friday', 'count_of_week' => 3, 'hours' => '22:00 - 00:00', 'max_runs' => 4, 'reboot' => 'ifneeded' }, 'secondary' => { 'day_of_week' => 'Saturday', 'count_of_week' => 3, 'hours' => '22:00 - 00:00', 'max_runs' => 4, 'reboot' => 'ifneeded' }, 'late' => { 'day_of_week' => 'Saturday', 'count_of_week' => 4, 'hours' => '22:00 - 00:00', 'max_runs' => 4, 'reboot' => 'ifneeded' } }`
+
##### `blocklist`
Data type: `Array`
List of updates to block from installing
+Default value: `[]`
+
##### `allowlist`
Data type: `Array`
List of updates that are allowed to be installed. Any updates not on this list get blocked.
+Default value: `[]`
+
##### `blocklist_choco`
Data type: `Array`
List of Chocolatey updates to block from installing
+Default value: `[]`
+
##### `allowlist_choco`
Data type: `Array`
List of Chocolatey updates that are allowed to be installed. Any Chocolatey updates not on this list get blocked.
+Default value: `[]`
+
##### `high_priority_patch_group`
Data type: `String`
@@ -145,18 +155,24 @@ Data type: `String`
Name of the high_priority_patch_group for this node. Must match a patch group in `$patch_schedule`
This patch schedule will only be used for patches in the `$high_priority_list`.
+Default value: `'never'`
+
##### `high_priority_list`
Data type: `Array`
List of updates to install on the patch schedule set by `$high_priority_patch_group`.
+Default value: `[]`
+
##### `high_priority_list_choco`
Data type: `Array`
List of Chocolatey updates to install on the patch schedule set by `$high_priority_patch_group`.
+Default value: `[]`
+
##### `unsafe_process_list`
Data type: `Array`
@@ -164,6 +180,8 @@ Data type: `Array`
List of processes that will cause patching to be skipped if any of the processes in the list are active on the system.
Prepend an entry with `{full}` to match against the full process arguments.
+Default value: `[]`
+
##### `pre_patch_commands`
Data type: `Hash`
@@ -176,6 +194,8 @@ Options:
* **:path** `String`: The path for the command
* **:provider** `String`: The provider for the command
+Default value: `{}`
+
##### `post_patch_commands`
Data type: `Hash`
@@ -188,6 +208,8 @@ Options:
* **:path** `String`: The path for the command
* **:provider** `String`: The provider for the command
+Default value: `{}`
+
##### `pre_reboot_commands`
Data type: `Hash`
@@ -201,6 +223,8 @@ Options:
* **:provider** `String`: The provider for the command
Note: the provider for the command gets forced to `posix` on Linux and `powershell` on Windows
+Default value: `{}`
+
##### `fact_upload`
Data type: `Boolean`
@@ -296,6 +320,8 @@ Data type: `Variant[String,Array[String]]`
+Default value: `'primary'`
+
### `patching_as_code::high_prio_reboot`
Class: patching_as_code::high_prio_reboot
diff --git a/lib/facter/metered_link.rb b/lib/facter/metered_link.rb
index 5106842..5ad67d0 100644
--- a/lib/facter/metered_link.rb
+++ b/lib/facter/metered_link.rb
@@ -10,7 +10,7 @@
__dir__,
'..',
'patching_as_code',
- 'metered_link.ps1'
+ 'metered_link.ps1',
)
Facter::Util::Resolution.exec("#{powershell} -ExecutionPolicy Bypass -NoProfile -NoLogo -NonInteractive -File #{checker_script}").to_s == 'true'
end
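Review bot: The `Facter::Util::Resolution.exec` line just below the changed `File.join` call interpolates `#{powershell}` and `#{checker_script}` into a single command string without quoting, so a path containing a space may be split into separate arguments and the fact would then likely resolve to false without any error. Both values appear to come from local paths (the script path is built from `__dir__`), so this is a robustness gap rather than untrusted input, but quoting the script argument, `-File \"#{checker_script}\"`, would make that explicit. The same unquoted interpolation is in lib/puppet/type/reboot_if_pending.rb at both `Puppet::Util::Execution.execute` calls. Because the script is run with `-ExecutionPolicy Bypass`, a short comment stating that its integrity rests on the permissions of the directory it is synced into would help the next reader. The enclosing block starts outside this hunk.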
diff --git a/lib/facter/patch_unsafe_process_active.rb b/lib/facter/patch_unsafe_process_active.rb
index 073e38b..5145773 100644
--- a/lib/facter/patch_unsafe_process_active.rb
+++ b/lib/facter/patch_unsafe_process_active.rb
@@ -3,7 +3,7 @@
require 'pathname'
Facter.add('patch_unsafe_process_active') do
- confine { Facter.value(:kernel) == 'windows' || Facter.value(:kernel) == 'Linux' }
+ confine { %w[windows Linux].include?(Facter.value(:kernel)) }
setcode do
def process_running(processname, full = false)
case Facter.value(:kernel)
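Review bot: The rewritten `confine` block still compares the kernel fact against hand-written mixed-case literals (`windows`, `Linux`), which works only while the casing matches exactly what Facter reports. If it ever did not match, the fact would stop resolving on that platform, and this fact is presumably what makes patching skip while an unsafe process is active. The declarative form `confine kernel: %w[windows Linux]` states the same restriction without a custom comparison and, as far as I know, is matched case-insensitively by Facter. The `Facter.add` block and `process_running` both continue outside this hunk, so this covers only the `confine` line.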
diff --git a/lib/facter/patching_as_code.rb b/lib/facter/patching_as_code.rb
index 500b525..39dc345 100644
--- a/lib/facter/patching_as_code.rb
+++ b/lib/facter/patching_as_code.rb
@@ -49,7 +49,7 @@
'last_high_prio_patch_run' => '',
'days_since_last_high_prio_patch_run' => 0,
'patches_installed_on_last_high_prio_run' => [],
- 'choco_patches_installed_on_last_high_prio_run' => []
+ 'choco_patches_installed_on_last_high_prio_run' => [],
}
end
end
diff --git a/lib/facter/patching_as_code_choco.rb b/lib/facter/patching_as_code_choco.rb
index 6333672..dc98a52 100644
--- a/lib/facter/patching_as_code_choco.rb
+++ b/lib/facter/patching_as_code_choco.rb
@@ -40,7 +40,7 @@
{
'package_update_count' => 0,
'packages' => [],
- 'pinned_packages' => []
+ 'pinned_packages' => [],
}
end
end
diff --git a/lib/puppet/type/reboot_if_pending.rb b/lib/puppet/type/reboot_if_pending.rb
index ada29c8..fba7c79 100644
--- a/lib/puppet/type/reboot_if_pending.rb
+++ b/lib/puppet/type/reboot_if_pending.rb
@@ -38,7 +38,7 @@ def pre_run_check
'..',
'..',
'patching_as_code',
- 'pending_reboot.ps1'
+ 'pending_reboot.ps1',
)
pending_reboot = Puppet::Util::Execution.execute("#{powershell} -ExecutionPolicy Bypass -NoProfile -NoLogo -NonInteractive -File #{checker_script}", { failonfail: false }).exitstatus.to_i.zero?
when 'linux'
@@ -48,7 +48,7 @@ def pre_run_check
'..',
'..',
'patching_as_code',
- 'pending_reboot.sh'
+ 'pending_reboot.sh',
)
pending_reboot = Puppet::Util::Execution.execute("/bin/sh #{checker_script}", { failonfail: false }).exitstatus.to_i.zero?
else
@@ -93,7 +93,7 @@ def pre_run_check
apply: 'immediately',
schedule: parameter(:patch_window).value,
before: 'Anchor[patching_as_code::start]',
- require: pre_reboot_resources
+ require: pre_reboot_resources,
))
catalog.add_resource(Puppet::Type.type('notify').new(
@@ -101,7 +101,7 @@ def pre_run_check
schedule: parameter(:patch_window).value,
notify: 'Reboot[Patching as Code - Pending OS reboot]',
before: 'Anchor[patching_as_code::start]',
- require: pre_reboot_resources
+ require: pre_reboot_resources,
))
end