Allow arrays for tlsaport to be passed to ssl::service

diff --git a/modules/roles/manifests/rtc.pp b/modules/roles/manifests/rtc.pp
index 40cc288..0888833 100644 (file)
--- a/modules/roles/manifests/rtc.pp
+++ b/modules/roles/manifests/rtc.pp
@@ -1,7 +1,7 @@
 class roles::rtc {
 
        ssl::service { 'www.debian.org':
-               tlsaport => 0,
+               tlsaport => [],
                notify  => Service['repro'],
        }
 

diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp
index 4f25a76..711f755 100644 (file)
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -1,4 +1,6 @@
 define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = false) {
+       $tlsaports = any2array($tlsaport)
+
        if ($ensure == "ifstatic") {
                $ssl_ensure = has_static_component($name) ? {
                        true => "present",
@@ -35,8 +37,9 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = fal
                }
        }
 
-       if ($tlsaport > 0 and $ssl_ensure == "present") {
-               dnsextras::tlsa_record{ "tlsa-${name}-${tlsaport}":
+       if (size($tlsaports) > 0 and $ssl_ensure == "present") {
+               $portlist = join($tlsaports, "-")
+               dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
                        zone     => 'debian.org',
                        certfile => [ "/etc/puppet/modules/ssl/files/servicecerts/${name}.crt", "/etc/puppet/modules/ssl/files/from-letsencrypt/${name}.crt" ],
                        port     => $tlsaport,