Use hiera for cert content

manifests/dashboard.pp

@@ -1,6 +1,9 @@
 # Copyright (C) 2015, Wazuh Inc.
 # Setup for Wazuh Dashboard
 class wazuh::dashboard (
+  $dashboard_cert_content,
+  $dashboard_certkey_content,
+  $dashboard_rootca_content,
   $dashboard_package = 'wazuh-dashboard',
   $dashboard_service = 'wazuh-dashboard',
   $dashboard_version = '5.0.0',
@@ -10,10 +13,6 @@
   $dashboard_path_certs = '/etc/wazuh-dashboard/certs',
   $dashboard_fileuser = 'wazuh-dashboard',
   $dashboard_filegroup = 'wazuh-dashboard',
-
-  $dashboard_cert_source = 'puppet:///modules/archive/dashboard.pem',
-  $dashboard_certkey_source = 'puppet:///modules/archive/dashboard-key.pem',
-  $dashboard_rootca_source = 'puppet:///modules/archive/root-ca.pem',
   $dashboard_server_port = '443',
   $dashboard_server_host = '0.0.0.0',
   $dashboard_server_hosts = "https://${indexer_server_ip}:${indexer_server_port}",
@@ -33,7 +32,6 @@
       'password' => 'wazuh-wui',
     },
   ],
-
 ) {
   # assign version according to the package manager
   case $facts['os']['family'] {
@@ -69,7 +67,7 @@
     owner   => $dashboard_fileuser,
     group   => $dashboard_filegroup,
     mode    => '0400',
-    source  => $dashboard_cert_source,
+    content => $dashboard_cert_content,
     require => Package['wazuh-dashboard'],
     notify  => Service['wazuh-dashboard'],
   }
@@ -79,7 +77,7 @@
     owner   => $dashboard_fileuser,
     group   => $dashboard_filegroup,
     mode    => '0400',
-    source  => $dashboard_certkey_source,
+    content => $dashboard_certkey_content,
     require => Package['wazuh-dashboard'],
     notify  => Service['wazuh-dashboard'],
   }
@@ -89,7 +87,7 @@
     owner   => $dashboard_fileuser,
     group   => $dashboard_filegroup,
     mode    => '0400',
-    source  => $dashboard_rootca_source,
+    content => $dashboard_rootca_content,
     require => Package['wazuh-dashboard'],
     notify  => Service['wazuh-dashboard'],
   }

manifests/filebeat_oss.pp

@@ -1,10 +1,12 @@
 # Copyright (C) 2015, Wazuh Inc.
 # Setup for Filebeat_oss
 class wazuh::filebeat_oss (
+  $filebeat_cert_content,
+  $filebeat_certkey_content,
+  $filebeat_node_rootca_content,
   $filebeat_oss_indexer_ip = '127.0.0.1',
   $filebeat_oss_indexer_port = '9200',
   $indexer_server_ip = "\"${filebeat_oss_indexer_ip}:${filebeat_oss_indexer_port}\"",
-
   $filebeat_oss_archives = false,
   $filebeat_oss_package = 'filebeat',
   $filebeat_oss_service = 'filebeat',
@@ -15,10 +17,6 @@
   $wazuh_extensions_version = 'v5.0.0',
   $wazuh_filebeat_module = 'wazuh-filebeat-0.4.tar.gz',
   $wazuh_node_name = 'master',
-  $filebeat_cert_source = "puppet:///modules/archive/manager-${wazuh_node_name}.pem",
-  $filebeat_certkey_source = "puppet:///modules/archive/manager-${wazuh_node_name}-key.pem",
-  $filebeat_node_rootca_source = 'puppet:///modules/archive/root-ca.pem',
-
   $filebeat_fileuser = 'root',
   $filebeat_filegroup = 'root',
   $filebeat_path_certs = '/etc/filebeat/certs',
@@ -93,23 +91,23 @@
     owner   => $filebeat_fileuser,
     group   => $filebeat_filegroup,
     mode    => '0400',
-    source  => $filebeat_cert_source,
+    content => $filebeat_cert_content,
   }
 
   file { "${filebeat_path_certs}/filebeat-key.pem":
     ensure  => file,
     owner   => $filebeat_fileuser,
     group   => $filebeat_filegroup,
     mode    => '0400',
-    source  => $filebeat_certkey_source,
+    content => $filebeat_certkey_content,
   }
 
   file { "${filebeat_path_certs}/root-ca.pem":
     ensure  => file,
     owner   => $filebeat_fileuser,
     group   => $filebeat_filegroup,
     mode    => '0400',
-    source  => $filebeat_node_rootca_source,
+    content => $filebeat_node_rootca_content,
   }
 
   service { 'filebeat':

manifests/indexer.pp

@@ -1,6 +1,12 @@
 # Copyright (C) 2015, Wazuh Inc.
 # Setup for Wazuh Indexer
 class wazuh::indexer (
+  $indexer_node_cert_content,
+  $indexer_node_certkey_content,
+  $indexer_node_rootca_content,
+  $indexer_node_admincert_content,
+  $indexer_node_adminkey_content,
+
   # opensearch.yml configuration
   $indexer_network_host = '0.0.0.0',
   $indexer_cluster_name = 'wazuh-cluster',
@@ -12,12 +18,6 @@
   $indexer_fileuser = 'wazuh-indexer',
   $indexer_filegroup = 'wazuh-indexer',
 
-  $indexer_node_cert_source = "puppet:///modules/archive/indexer-${indexer_node_name}.pem",
-  $indexer_node_certkey_source = "puppet:///modules/archive/indexer-${indexer_node_name}-key.pem",
-  $indexer_node_rootca_source = 'puppet:///modules/archive/root-ca.pem',
-  $indexer_node_admincert_source = 'puppet:///modules/archive/admin.pem',
-  $indexer_node_adminkey_source = 'puppet:///modules/archive/admin-key.pem',
-
   $indexer_path_data = '/var/lib/wazuh-indexer',
   $indexer_path_logs = '/var/log/wazuh-indexer',
   $indexer_path_certs = '/etc/wazuh-indexer/certs',
@@ -67,7 +67,7 @@
     owner   => $indexer_fileuser,
     group   => $indexer_filegroup,
     mode    => '0400',
-    source  => $indexer_node_cert_source,
+    content => $indexer_node_cert_content,
     require => Package['wazuh-indexer'],
     notify  => Service['wazuh-indexer'],
   }
@@ -77,7 +77,7 @@
     owner   => $indexer_fileuser,
     group   => $indexer_filegroup,
     mode    => '0400',
-    source  => $indexer_node_certkey_source,
+    content => $indexer_node_certkey_content,
     require => Package['wazuh-indexer'],
     notify  => Service['wazuh-indexer'],
   }
@@ -87,7 +87,7 @@
     owner   => $indexer_fileuser,
     group   => $indexer_filegroup,
     mode    => '0400',
-    source  => $indexer_node_rootca_source,
+    content => $indexer_node_rootca_content,
     require => Package['wazuh-indexer'],
     notify  => Service['wazuh-indexer'],
   }
@@ -97,7 +97,7 @@
     owner   => $indexer_fileuser,
     group   => $indexer_filegroup,
     mode    => '0400',
-    source  => $indexer_node_admincert_source,
+    content => $indexer_node_admincert_content,
     require => Package['wazuh-indexer'],
     notify  => Service['wazuh-indexer'],
   }
@@ -107,7 +107,7 @@
     owner   => $indexer_fileuser,
     group   => $indexer_filegroup,
     mode    => '0400',
-    source  => $indexer_node_adminkey_source,
+    content => $indexer_node_adminkey_content,
     require => Package['wazuh-indexer'],
     notify  => Service['wazuh-indexer'],
   }

manifests/manager.pp

@@ -330,7 +330,7 @@
   # Install and configure Wazuh-manager package
 
   package { $wazuh::params_manager::server_package:
-    ensure  => $server_version_install, # lint:ignore:security_package_pinned_version
+    ensure => $server_version_install, # lint:ignore:security_package_pinned_version
   }
 
   file {
@@ -344,11 +344,11 @@
       validate_cmd => $wazuh::params_manager::validate_cmd_conf,
       content      => template($shared_agent_template);
     '/var/ossec/etc/rules/local_rules.xml':
-      content      => template($local_rules_template);
+      content => template($local_rules_template);
     '/var/ossec/etc/decoders/local_decoder.xml':
-      content      => template($local_decoder_template);
+      content => template($local_decoder_template);
     $wazuh::params_manager::processlist_file:
-      content      => template('wazuh/process_list.erb');
+      content => template('wazuh/process_list.erb');
   }
 
   service { $wazuh::params_manager::server_service:

manifests/repo.pp

@@ -2,7 +2,6 @@
 # Wazuh repository installation
 class wazuh::repo (
 ) {
-
   case $facts['os']['family'] {
     'Debian' : {
       $wazuh_repo_url = 'https://packages.wazuh.com/5.x/apt'
@@ -40,14 +39,13 @@
 
       case $facts['os']['distro']['codename'] {
         /(jessie|wheezy|stretch|buster|bullseye|bookworm|trixie|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal|groovy|jammy|noble)/: {
-
           # Manage the APT source list file content using concat
           concat { '/etc/apt/sources.list.d/wazuh.list':
-            ensure  => present,
-            owner   => 'root',
-            group   => 'root',
-            mode    => '0644',
-            notify  => Exec['apt-update'],
+            ensure => present,
+            owner  => 'root',
+            group  => 'root',
+            mode   => '0644',
+            notify => Exec['apt-update'],
           }
 
           concat::fragment { 'wazuh-source':