Allow deferred for private_key

Author: baurmatt

README.md

@@ -16,6 +16,13 @@ secure point-to-point connections in routed or bridged configurations.
 
 * [`wireguard::interface`](#wireguardinterface): Defines wireguard tunnel interfaces
 
+**Functions**
+
+* [`wireguard::genkey`](#wireguardgenkey): Returns an array containing the wireguard private and public (in this order) key for a certain interface.
+* [`wireguard::genprivatekey`](#wireguardgenprivatekey): Returns the private key. Will be generated and saved to disk if it doesn't already exist.
+* [`wireguard::genpsk`](#wireguardgenpsk): Returns string containing the wireguard psk for a certain interface.
+* [`wireguard::genpublickey`](#wireguardgenpublickey): Returns a public key derived from a private key. Will be generated and saved to disk if it doesn't already exist.
+
 ## Classes
 
 ### wireguard
@@ -95,6 +102,14 @@ Define wireguard interfaces
 
 Default value: {}
 
+##### `config_dir_purge`
+
+Data type: `Boolean`
+
+
+
+Default value: $wireguard::params::config_dir_purge
+
 ### wireguard::config
 
 Class configures files and directories for wireguard
@@ -115,6 +130,12 @@ Data type: `String`
 
 The config_dir access mode bits
 
+##### `config_dir_purge`
+
+Data type: `Boolean`
+
+
+
 ### wireguard::install
 
 Class installs wireguard packages and sets yum repository
@@ -169,7 +190,7 @@ The following parameters are available in the `wireguard::interface` defined typ
 
 ##### `private_key`
 
-Data type: `String`
+Data type: `Any`
 
 Private key for data encryption
 
@@ -193,6 +214,8 @@ Data type: `Optional[Variant[Array,String]]`
 
 List of IP (v4 or v6) addresses (optionally with CIDR masks) to
 be assigned to the interface.
+Data type isn't 100% correct but needs to be 'Any' to allow 'Deferred'
+on Puppet 6 systems. epp will enforce Optional[Variant[Array,String]].
 
 Default value: `undef`
 
@@ -282,3 +305,192 @@ Data type: `Optional[Variant[Array,String]]`
 
 
 Default value: `undef`
+
+## Functions
+
+### wireguard::genkey
+
+Type: Ruby 4.x API
+
+Returns an array containing the wireguard private and public (in this order) key for a certain interface.
+
+#### Examples
+
+##### Creating private and public key for the interface wg0.
+
+```puppet
+wireguard::genkey('wg0', '/etc/wireguard') => [
+  '2N0YBID3tnptapO/V5x3GG78KloA8xkLz1QtX6OVRW8=',
+  'Pz4sRKhRMSet7IYVXXeZrAguBSs+q8oAVMfAAXHJ7S8=',
+]
+```
+
+#### `wireguard::genkey(String $name, Optional[String] $path)`
+
+Returns an array containing the wireguard private and public (in this order) key for a certain interface.
+
+Returns: `Array` Returns [$private_key, $public_key].
+
+##### Examples
+
+###### Creating private and public key for the interface wg0.
+
+```puppet
+wireguard::genkey('wg0', '/etc/wireguard') => [
+  '2N0YBID3tnptapO/V5x3GG78KloA8xkLz1QtX6OVRW8=',
+  'Pz4sRKhRMSet7IYVXXeZrAguBSs+q8oAVMfAAXHJ7S8=',
+]
+```
+
+##### `name`
+
+Data type: `String`
+
+The interface name.
+
+##### `path`
+
+Data type: `Optional[String]`
+
+Absolut path to the wireguard key files (default '/etc/wireguard').
+
+### wireguard::genprivatekey
+
+Type: Ruby 4.x API
+
+Returns the private key. Will be generated and saved to disk if it doesn't already exist.
+
+#### Examples
+
+##### Creating private key for the interface wg0.
+
+```puppet
+wireguard::genprivatekey('/etc/wireguard/wg0.key') => '2N0YBID3tnptapO/V5x3GG78KloA8xkLz1QtX6OVRW8='
+```
+
+##### Using it as a Deferred function
+
+```puppet
+include wireguard
+wireguard::interface { 'wg0':
+  private_key => Deferred('wireguard::genprivatekey', ['/etc/wireguard/wg0.key']),
+  listen_port => 53098,
+}
+```
+
+#### `wireguard::genprivatekey(String $path)`
+
+Returns the private key. Will be generated and saved to disk if it doesn't already exist.
+
+Returns: `String` Returns the private key.
+
+##### Examples
+
+###### Creating private key for the interface wg0.
+
+```puppet
+wireguard::genprivatekey('/etc/wireguard/wg0.key') => '2N0YBID3tnptapO/V5x3GG78KloA8xkLz1QtX6OVRW8='
+```
+
+###### Using it as a Deferred function
+
+```puppet
+include wireguard
+wireguard::interface { 'wg0':
+  private_key => Deferred('wireguard::genprivatekey', ['/etc/wireguard/wg0.key']),
+  listen_port => 53098,
+}
+```
+
+##### `path`
+
+Data type: `String`
+
+Absolut path to the private key
+
+### wireguard::genpsk
+
+Type: Ruby 4.x API
+
+Returns string containing the wireguard psk for a certain interface.
+
+#### Examples
+
+##### Creating psk for the interface wg0.
+
+```puppet
+wireguard::genpsk('wg0') => 'FIVuvMyHvzujQweYa+oJdLDRvrpbHBithvMmNjN5rK4='
+```
+
+#### `wireguard::genpsk(String $name, Optional[String] $path)`
+
+Returns string containing the wireguard psk for a certain interface.
+
+Returns: `String` Returns psk.
+
+##### Examples
+
+###### Creating psk for the interface wg0.
+
+```puppet
+wireguard::genpsk('wg0') => 'FIVuvMyHvzujQweYa+oJdLDRvrpbHBithvMmNjN5rK4='
+```
+
+##### `name`
+
+Data type: `String`
+
+The interface name.
+
+##### `path`
+
+Data type: `Optional[String]`
+
+Absolut path to the wireguard key files (default '/etc/wireguard').
+
+### wireguard::genpublickey
+
+Type: Ruby 4.x API
+
+Returns a public key derived from a private key.
+Will be generated and saved to disk if it doesn't already exist.
+
+#### Examples
+
+##### Creating public key for the interface wg0.
+
+```puppet
+wireguard::genpublickey('/etc/wireguard/wg0.key',
+                         '/etc/wireguard/wg0.pub'
+                        ) => 'gNaMjIpR7LKg019iktKJC74GX/MD3Y35Wo+WRNRQZxA='
+```
+
+#### `wireguard::genpublickey(String $private_key_path, String $public_key_path)`
+
+Returns a public key derived from a private key.
+Will be generated and saved to disk if it doesn't already exist.
+
+Returns: `String` Returns the public key.
+
+##### Examples
+
+###### Creating public key for the interface wg0.
+
+```puppet
+wireguard::genpublickey('/etc/wireguard/wg0.key',
+                         '/etc/wireguard/wg0.pub'
+                        ) => 'gNaMjIpR7LKg019iktKJC74GX/MD3Y35Wo+WRNRQZxA='
+```
+
+##### `private_key_path`
+
+Data type: `String`
+
+Absolut path to the private key
+
+##### `public_key_path`
+
+Data type: `String`
+
+Absolut path to the public key
+

files/interface.conf.epp

@@ -0,0 +1,84 @@
+<%- | Optional[Variant[Array,String]] $address,
+      Boolean                         $saveconfig,
+      String                          $private_key,
+      Integer[1,65535]                $listen_port,
+      Optional[Integer[1,9202]]       $mtu,
+      Optional[String]                $dns,
+      Optional[Variant[Array,String]] $preup,
+      Optional[Variant[Array,String]] $postup,
+      Optional[Variant[Array,String]] $predown,
+      Optional[Variant[Array,String]] $postdown,
+      Array                           $peers,
+| -%>
+# This file is managed by puppet
+[Interface]
+<%- if $address { -%>
+  <%- if $address =~ Array { -%>
+    <%- $address.flatten.each |$adr| { -%>
+Address = <%= $adr %>
+    <%- } -%>
+  <%- } else {-%>
+Address = <%= $address %>
+  <%- } -%>
+<%- } -%>
+<% if $saveconfig { -%>
+SaveConfig = true
+<% } -%>
+PrivateKey = <%= $private_key %>
+ListenPort = <%= $listen_port %>
+<%- if $mtu { -%>
+MTU = <%= $mtu %>
+<% } -%>
+<%- if $dns { -%>
+DNS = <%= $dns %>
+<% } -%>
+<%- if $preup { -%>
+  <%- if $preup =~ Array { -%>
+    <%- $preup.flatten.each |$p| { -%>
+PreUp = <%= $p %>
+    <%- } -%>
+  <%- } else { -%>
+PreUp = <%= $preup %>
+  <%- } -%>
+<%- } -%>
+<%- if $postup { -%>
+  <%- if $postup =~ Array { -%>
+    <%- $postup.flatten.each |$p| { -%>
+PostUp = <%= $p %>
+    <%- } -%>
+  <%- } else { -%>
+PostUp = <%= $postup %>
+  <%- } -%>
+<%- } -%>
+<%- if $predown { -%>
+  <%- if $predown =~ Array { -%>
+    <%- $predown.flatten.each |$p| { -%>
+PreDown = <%= $p %>
+    <%- } -%>
+  <%- } else { -%>
+PreDown = <%= $predown %>
+  <%- } -%>
+<%- } -%>
+<%- if $postdown { -%>
+  <%- if $postdown =~ Array { -%>
+    <%- $postdown.flatten.each |$p| { -%>
+PostDown = <%= $p %>
+    <%- } -%>
+  <%- } else { -%>
+PostDown = <%= $postdown %>
+  <%- } -%>
+<%- } -%>
+<%- if $peers { -%>
+
+# Peers
+    <%- $peers.each |$peer| { -%>
+[Peer]
+        <%- $peer.each |$key,$value| { -%>
+          <%- if $key == 'Comment' { -%>
+# <%= $value -%>
+          <%- } else { -%>
+<%= $key %> = <%= $value -%>
+          <%- } %>
+        <%- } %>
+    <%- } -%>
+<%- } -%>

lib/puppet/functions/wireguard/genkey.rb

@@ -1,6 +1,5 @@
+# Returns an array containing the wireguard private and public (in this order) key for a certain interface.
 Puppet::Functions.create_function(:'wireguard::genkey') do
-  # Returns an array containing the wireguard private and public (in this order) key
-  # for a certain interface.
   # @param name The interface name.
   # @param path Absolut path to the wireguard key files (default '/etc/wireguard').
   # @return [Array] Returns [$private_key, $public_key].
@@ -11,33 +10,10 @@
   #   ]
   dispatch :genkey do
     required_param 'String', :name
+    optional_param 'String', :path
     return_type 'Array'
   end
 
-  def gen_privkey(private_key_path, public_key_path)
-    unless File.exists?(private_key_path)
-      private_key = Puppet::Util::Execution.execute(
-        ['/usr/bin/wg', 'genkey'],
-      )
-      File.open(private_key_path, 'w') do |f|
-        f << private_key
-      end
-      File.delete(public_key_path) if File.exist?(public_key_path)
-    end
-  end
-
-  def gen_pubkey(private_key_path, public_key_path)
-    unless File.exists?(public_key_path)
-      public_key = Puppet::Util::Execution.execute(
-        ['/usr/bin/wg', 'pubkey'],
-        {:stdinfile => private_key_path},
-      )
-      File.open(public_key_path, 'w') do |f|
-        f << public_key
-      end
-    end
-  end
-
   def genkey(name, path='/etc/wireguard')
     private_key_path = File.join(path, "#{name}.key")
     public_key_path = File.join(path, "#{name}.pub")
@@ -47,9 +23,9 @@ def genkey(name, path='/etc/wireguard')
       raise Puppet::ParseError, "#{dir} is not writable" if not File.writable?(dir)
     end
 
-    gen_privkey(private_key_path, public_key_path)
-    gen_pubkey(private_key_path, public_key_path)
-    [File.read(private_key_path),File.read(public_key_path)]
+    private_key = call_function('wireguard::genprivatekey', private_key_path)
+    public_key  = call_function('wireguard::genpublickey', private_key_path, public_key_path)
+    [private_key, public_key]
   end
 end