enroll

Archived

Author	SHA1	Message	Date
Miguel Jacq	70525e52d8	Doc updates All checks were successful CI / test (push) Successful in 49s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m47s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m32s Details Lint / test (push) Successful in 47s Details	2026-06-22 14:49:56 +10:00
Miguel Jacq	ad019f6b09	normalise control characters in generated manifest scalars	2026-06-22 14:45:12 +10:00
Miguel Jacq	cec6023a40	Ensure that diff also runs through validate() All checks were successful CI / test (push) Successful in 48s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m15s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m51s Details Lint / test (push) Successful in 46s Details	2026-06-22 14:14:51 +10:00
Miguel Jacq	1312b7eac2	Add SECURITY.md	2026-06-22 13:33:30 +10:00
Miguel Jacq	a1d7a9e4e6	Add warning about --dangerous mode if sops is not in use All checks were successful CI / test (push) Successful in 50s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 12m37s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m21s Details Lint / test (push) Successful in 45s Details	2026-06-22 12:56:21 +10:00
Miguel Jacq	bf1c72c542	CHANGELOG updates	2026-06-22 12:47:39 +10:00
Miguel Jacq	d93de8a8a2	Fix for remote harvest tmp dir	2026-06-22 12:46:45 +10:00
Miguel Jacq	21a3ef3447	More safety about writing output harvests/manifests to safe locations, including SOPS and diff.	2026-06-22 12:21:33 +10:00
Miguel Jacq	3feba9a9f2	More information about use of --dangerous mode	2026-06-22 12:03:48 +10:00
Miguel Jacq	d1e99db2df	Update the cli help info about enroll.ini location	2026-06-22 12:00:48 +10:00
Miguel Jacq	def1c2bbc7	Add note about README.md	2026-06-22 11:59:38 +10:00
Miguel Jacq	e78f61c5ed	Avoid TOCTOU issues, stronger perms on manifest dir, don't allow harvesting to existing dir by default, scan whole file for potential secrets All checks were successful CI / test (push) Successful in 48s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m19s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m40s Details Lint / test (push) Successful in 48s Details	2026-06-22 11:41:11 +10:00
Miguel Jacq	c7a6bfe979	Update tests All checks were successful CI / test (push) Successful in 51s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m30s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 19m55s Details Lint / test (push) Successful in 44s Details	2026-06-22 11:06:24 +10:00
Miguel Jacq	a0914e1369	Strict validation of PATH when running as root in case it could contain potentially unsafe binaries	2026-06-22 11:06:01 +10:00
Miguel Jacq	205c419a7a	Sanity check on FQDN name to avoid accidental path traversal and similar woes	2026-06-22 10:59:17 +10:00
Miguel Jacq	3e8ad600e2	Use shlex.quote on remote commands	2026-06-22 10:58:20 +10:00
Miguel Jacq	0a0f067111	Add other common strings that could represent sensitive values to ignore unless in --dangerous mode	2026-06-22 10:57:54 +10:00
Miguel Jacq	e2b61bcdf1	Ensure jinjifying an artifact passes through safe_artifact_file just in case	2026-06-22 10:57:08 +10:00
Miguel Jacq	03dc467e32	Updates to DEVELOPMENT.md re: manifest and validate	2026-06-22 10:09:31 +10:00
Miguel Jacq	1e61ae2ff9	Fix tests for deb build All checks were successful CI / test (push) Successful in 49s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m32s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m1s Details Lint / test (push) Successful in 44s Details	2026-06-22 10:05:17 +10:00
Miguel Jacq	67b92731f6	Update tests Some checks failed Lint / test (push) Waiting to run Details CI / test (push) Failing after 49s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Has been cancelled Details CI / test (debian, docker.io/library/debian:13, python3) (push) Has been cancelled Details	2026-06-22 09:58:54 +10:00
Miguel Jacq	0384f8817b	Fail closed on SMTP STARTTLS credential failure before sending creds. Ensure diff's manifest dir works now that we don't remove the target location if it exists (temp dir)	2026-06-22 09:57:56 +10:00
Miguel Jacq	5ffd4ee755	Perform harvest validation before trying to manifest from it	2026-06-22 09:56:55 +10:00
Miguel Jacq	706604df74	Stricter validation of harvests to ensure that they meet the schema and don't contain unsafe artifacts (e.g symlinks pointing outside the artifact tree)	2026-06-22 09:55:38 +10:00
Miguel Jacq	a85e8265f4	Don't allow .enroll.ini in CWD, rely on env var or XDG path	2026-06-22 09:52:33 +10:00
Miguel Jacq	6ee8c60e64	Fix the almalinux tests - skip jinjaturtle and systemd in CI All checks were successful CI / test (push) Successful in 46s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m26s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m24s Details Lint / test (push) Successful in 45s Details	2026-06-21 17:49:51 +10:00
Miguel Jacq	ce2652a3b3	Handle gracefully debian stuff when testing on rhel-like Some checks failed CI / test (push) Has been cancelled Details Lint / test (push) Has been cancelled Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 5m10s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 10m10s Details	2026-06-21 16:15:33 +10:00
Miguel Jacq	b704a6c80b	Add node before checkout Some checks failed Lint / test (push) Waiting to run Details CI / test (push) Successful in 46s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 3m14s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 11m33s Details	2026-06-21 16:07:03 +10:00
Miguel Jacq	b3a9cd3fb9	Fix curl on almalinux Some checks failed Lint / test (push) Waiting to run Details CI / test (push) Successful in 46s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 2m9s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 2m28s Details	2026-06-21 16:00:35 +10:00
Miguel Jacq	429da3f4c1	Attempt to run tests on Alma Linux Some checks failed Lint / test (push) Waiting to run Details CI / test (push) Successful in 46s Details CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 30s Details CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 2m47s Details	2026-06-21 15:57:41 +10:00
Miguel Jacq	f21bac7d1c	Updates to CHANGELOG and release script All checks were successful CI / test (push) Successful in 26m56s Details Lint / test (push) Successful in 42s Details	2026-06-21 13:40:07 +10:00
Miguel Jacq	fc120f02a5	More test coverage	2026-06-21 13:37:37 +10:00
Miguel Jacq	528176ad82	Enforce the galaxy requirements in tests Some checks failed Lint / test (push) Waiting to run Details CI / test (push) Has been cancelled Details	2026-06-21 13:15:10 +10:00
Miguel Jacq	90e863df40	Add DEVELOPMENT.md	2026-06-21 13:03:26 +10:00
Miguel Jacq	a0ac28f213	Support '--enforce' mode in 'enroll diff' with '--target' to use a specific config manager to run to enforce All checks were successful CI / test (push) Successful in 27m26s Details Lint / test (push) Successful in 45s Details	2026-06-21 12:38:10 +10:00
Miguel Jacq	5b0e945c99	Fix jinjaturtle tests All checks were successful CI / test (push) Successful in 27m22s Details Lint / test (push) Successful in 41s Details	2026-06-21 09:42:19 +10:00
Miguel Jacq	d81c32ab7f	Require version 1.20.0 or higher of podman container collection, for the platform arg	2026-06-21 09:41:56 +10:00
Miguel Jacq	c7c8b93e09	make tests.sh executable again, whoops Some checks failed CI / test (push) Failing after 3m49s Details Lint / test (push) Successful in 44s Details	2026-06-21 09:30:15 +10:00
Miguel Jacq	5bb22afefd	Run jinjaturtle unit tests across the three renderers Some checks failed CI / test (push) Failing after 3m9s Details Lint / test (push) Has been cancelled Details	2026-06-21 09:17:29 +10:00
Miguel Jacq	582679a523	0.7.0b7 Some checks failed CI / test (push) Successful in 20m0s Details Lint / test (push) Has been cancelled Details	2026-06-21 09:03:52 +10:00
Miguel Jacq	97b64522c6	Merge branch 'erb'	2026-06-21 09:03:33 +10:00
Miguel Jacq	eeb37be567	0.7.0b6 All checks were successful CI / test (push) Successful in 19m38s Details Lint / test (push) Successful in 44s Details	2026-06-20 18:39:28 +10:00
Miguel Jacq	f335077e59	Fix salt rendering of yaml/json	2026-06-20 18:38:49 +10:00
Miguel Jacq	8cbde1423a	erb support, and fix notify services in puppet/salt in fqdn mode	2026-06-20 18:22:08 +10:00
Miguel Jacq	4fd0facaf8	0.7.0b5 All checks were successful CI / test (push) Successful in 19m16s Details Lint / test (push) Successful in 44s Details	2026-06-20 15:33:47 +10:00
Miguel Jacq	5845ff58e4	Update pyproject comment	2026-06-20 15:33:24 +10:00
Miguel Jacq	097022f782	Fix notification of individual services when related config changes, even when roles are grouped All checks were successful CI / test (push) Successful in 19m18s Details Lint / test (push) Successful in 42s Details	2026-06-20 15:31:42 +10:00
Miguel Jacq	08066595f1	README updates	2026-06-20 14:36:59 +10:00
Miguel Jacq	eb286b1db0	0.7.0b4 All checks were successful CI / test (push) Successful in 19m23s Details Lint / test (push) Successful in 43s Details	2026-06-20 12:30:39 +10:00
Miguel Jacq	ceb86c513c	Improve test coverage of salt and puppet Some checks failed Lint / test (push) Waiting to run Details CI / test (push) Has been cancelled Details	2026-06-20 12:30:02 +10:00

1 2 3 4 5

222 commits