Add puppet package zitrlp-strongswan

This change adds the package zitrlp-strongswan. This module allows
management of strongswan on Debian via swanctl / VICI.

Test Plan:
PASS: downloader
PASS: build-pkgs --clean --all
PASS: build-image
PASS: Run full build, system install, bootstrap and unlock SX system
PASS: Run command "puppet module list | grep strongswan"
PASS: Create a puppet manifest file responsible for creating and
      configuring each one of the strongswan and swanctl config files.
      Copy the manifest to /usr/share/puppet/modules/platform/manifest
      directory.
      Run "sudo puppet apply -e "include ::platform::strongswan""
      command. Observe that the files /etc/swanctl/swanctl.conf,
      /etc/strongswan.conf, /etc/strongswan.d/charon.conf and
      /etc/strongswan.d/charon-loggings.conf were updated according
      with the specifications of the implemented manifest.

Story: 2010940
Task: 48987

Change-Id: I3fac6d5ec514a9a7ab237b0c83dda61d042d4fcf
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+puppet-zitrlp-strongswan (0.1.0) UNRELEASED; urgency=medium
+
+  * Initial release.
+
+ -- Leonardo Mendes <leonardo.mendessantana@windriver.com>  Sun, 15 Oct 2023 12:33:51 -0300

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/control

@@ -0,0 +1,15 @@
+Source: puppet-zitrlp-strongswan
+Section: admin
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.4.1
+Homepage: https://www.starlingx.io
+
+Package: puppet-zitrlp-strongswan
+Architecture: any
+Depends:  puppet (>= 5.2.22),
+          puppet-module-puppetlabs-stdlib,
+          ${misc:depends}
+Description: Puppet module named puppet-zitrlp-strongswan
+  This module allows management of strongswan on Debian via swanctl / VICI, route-based or otherwise.

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/copyright

@@ -0,0 +1,29 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Upstream-Name: puppet-zitrlp-strongswan
+Upstream-Contact: Jan-Martin Rämer (https://software.service.zit-rlp.de/jra)
+Source: https://software.service.zit-rlp.de/puppet/strongswan
+Files: *
+Copyright: (C) 2023 Jan-Martin Rämer (https://software.service.zit-rlp.de/jra)
+License: GPL-3.0
+
+Upstream-Name: puppet-zitrlp-strongswan
+Upstream-Contact: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Source: https://opendev.org/starlingx/integ/src/branch/master/config/puppet-modules/puppet-zitrlp-strongswan
+Files: debian/*
+Copyright: (c) 2023 Wind River Systems, Inc.
+License: GPL-3.0
+
+License:   GPL-3.0
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <https://www.gnu.org/licenses/>.

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/patches/0001-Add-classes-to-update-config-files.patch

@@ -0,0 +1,146 @@
+From c02bf3a61dafb0dee6362c0bb63e782abe3090f2 Mon Sep 17 00:00:00 2001
+From: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
+Date: Tue, 17 Oct 2023 14:18:54 -0300
+Subject: [PATCH] Add classes to update config files
+
+---
+ manifests/charon.pp         | 12 ++++++++++++
+ manifests/charon_logging.pp | 12 ++++++++++++
+ manifests/init.pp           | 37 ++-----------------------------------
+ manifests/swanctl.pp        | 22 ++++++++++++++++++++++
+ 4 files changed, 48 insertions(+), 35 deletions(-)
+ create mode 100644 manifests/charon.pp
+ create mode 100644 manifests/charon_logging.pp
+ create mode 100644 manifests/swanctl.pp
+
+diff --git a/manifests/charon.pp b/manifests/charon.pp
+new file mode 100644
+index 0000000..d1f6dcc
+--- /dev/null
++++ b/manifests/charon.pp
+@@ -0,0 +1,12 @@
++# @param charon_options configure other attributes in charon.conf.
++class strongswan::charon (
++  Hash $charon_options = {},
++) {
++  file { '/etc/strongswan.d/charon.conf':
++    owner   => 'root',
++    mode    => '0600',
++    content => strongswan::hash_to_strongswan_config({
++        charon => $charon_options,
++    }),
++  }
++}
+diff --git a/manifests/charon_logging.pp b/manifests/charon_logging.pp
+new file mode 100644
+index 0000000..b454f2b
+--- /dev/null
++++ b/manifests/charon_logging.pp
+@@ -0,0 +1,12 @@
++# @param charon_logging configure file charon-logging.conf.
++class strongswan::charon_logging (
++  Hash $charon_logging = {},
++) {
++  file { '/etc/strongswan.d/charon-logging.conf':
++    owner   => 'root',
++    mode    => '0600',
++    content => strongswan::hash_to_strongswan_config({
++        charon => $charon_logging,
++    }),
++  }
++}
+diff --git a/manifests/init.pp b/manifests/init.pp
+index 08002a3..27904e4 100644
+--- a/manifests/init.pp
++++ b/manifests/init.pp
+@@ -23,12 +23,6 @@
+ # @param sw_collector sw-collector block in strongswan.conf.
+ # @param starter starter block in strongswan.conf.
+ # @param swanctl swanctl block in strongswan.conf.
+-# @param authorities authorities block in swanctl.conf.
+-# @param connections connections block in swanctl.conf. Besides keys allowed in swanctl, these ones are added:
+-#      * base_interface: base interface for xfrm device.
+-#      * if_id: interface ID for xfrm device used for in and out. In swanctl.conf, this value is used for id_id_in and if_id_out.
+-# @param secrets secrets block in swanctl.conf.
+-# @param pools pools block in swanctl.conf.
+ # @param route_based Whether route based VPN is configured.
+ # @param xfrm_default_base_interface XRFM base interface used if none is specified in connection.
+ #
+@@ -58,25 +52,9 @@ class strongswan (
+   Hash $connections = {},
+   Hash $secrets = {},
+   Hash $pools = {},
+-  Boolean $route_based = false,
+   String $xfrm_default_base_interface = 'lo',
++  String $strongswan_include = 'strongswan.d/*.conf',
+ ) {
+-  ensure_packages(['strongswan-swanctl', 'charon-systemd'])
+-  service { ['ipsec,', 'strongswan-starter']:
+-    ensure => stopped,
+-    enable => false,
+-  }
+-  service { 'strongswan':
+-    ensure => running,
+-    enable => true,
+-  }
+-  if ($route_based) {
+-    $d = strongswan::extract_xfrm_devices_from_connections($connections, $xfrm_default_base_interface)
+-    $_connections = $d['connections']
+-    ensure_resources('strongswan::xfrm', $d['xfrm'])
+-  } else {
+-    $_connections = $connections
+-  }
+   file { '/etc/strongswan.conf':
+     owner   => 'root',
+     mode    => '0600',
+@@ -100,18 +78,7 @@ class strongswan (
+         sw-collector       => $sw_collector,
+         starter            => $starter,
+         swanctl            => $swanctl,
++        strongswan_include => $strongswan_include,
+     }),
+-    notify  => Service['strongswan'],
+-  }
+-  file { '/etc/swanctl/swanctl.conf':
+-    owner   => 'root',
+-    mode    => '0600',
+-    content => strongswan::hash_to_strongswan_config({
+-        authorities => $authorities,
+-        connections => $_connections,
+-        secrets     => $secrets,
+-        pools       => $pools,
+-    }),
+-    notify  => Service['strongswan'],
+   }
+ }
+diff --git a/manifests/swanctl.pp b/manifests/swanctl.pp
+new file mode 100644
+index 0000000..f85e7e3
+--- /dev/null
++++ b/manifests/swanctl.pp
+@@ -0,0 +1,22 @@
++# @param authorities authorities block in swanctl.conf.
++# @param connections connections block in swanctl.conf.
++# @param secrets secrets block in swanctl.conf.
++# @param pools pools block in swanctl.conf.
++
++class strongswan::swanctl (
++  Hash $authorities = {},
++  Hash $connections = {},
++  Hash $secrets = {},
++  Hash $pools = {},
++) {
++  file { '/etc/swanctl/swanctl.conf':
++    owner   => 'root',
++    mode    => '0600',
++    content => strongswan::hash_to_strongswan_config({
++        authorities => $authorities,
++        connections => $connections,
++        secrets     => $secrets,
++        pools       => $pools,
++    }),
++  }
++}
+-- 
+2.25.1
+

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/patches/series

@@ -0,0 +1 @@
+0001-Add-classes-to-update-config-files.patch

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.install

@@ -0,0 +1,3 @@
+metadata.json usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+lib usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+manifests usr/share/puppet/modules.available/puppet-zitrlp-strongswan

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.postinst

@@ -0,0 +1,13 @@
+#!/bin/sh
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "${1}" = "configure" ] ; then
+    update-alternatives --install /usr/share/puppet/modules/strongswan puppet-module-zitrlp-strongswan \
+        /usr/share/puppet/modules.available/puppet-zitrlp-strongswan 500
+fi
+
+#DEBHELPER#
+
+exit 0

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.postrm

@@ -0,0 +1,13 @@
+#!/bin/sh
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "${1}" = "remove" ] || [ "${1}" = "disappear" ]; then
+    update-alternatives --remove puppet-module-zitrlp-strongswan \
+        /usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+fi
+
+#DEBHELPER#
+
+exit 0

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/puppet-zitrlp-strongswan.prerm

@@ -0,0 +1,13 @@
+#!/bin/sh
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "${1}" = "remove" ] || [ "${1}" = "upgrade" || [ "${1}" = "deconfigure" ]; then
+    update-alternatives --remove puppet-module-zitrlp-strongswan \
+        /usr/share/puppet/modules.available/puppet-zitrlp-strongswan
+fi
+
+#DEBHELPER#
+
+exit 0

config/puppet-modules/puppet-zitrlp-strongswan/debian/deb_folder/rules

@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+#export DH_VERBOSE = 1
+
+%:
+	dh $@

config/puppet-modules/puppet-zitrlp-strongswan/debian/meta_data.yaml

@@ -0,0 +1,10 @@
+---
+debname: puppet-zitrlp-strongswan
+debver: 0.1.0
+dl_path:
+    name: zitrlp-strongswan-0.1.0.tar.gz
+    url: https://forge.puppet.com/v3/files/zitrlp-strongswan-0.1.0.tar.gz
+    sha256sum: bf145ac0f974cd2f0fa3a1f8da2d5cb86fcd2d9c116d737839c3ea5decd298d5
+revision:
+    dist: $STX_DIST
+    BASE_SRCREV: 9ddd3705b5dcb2b13741fb5698809c101267ef26

debian_iso_image.inc

@@ -350,6 +350,9 @@ puppet-module-puppetlabs-postgresql
 #puppetlabs-stdlib-5.0.0
 puppet-module-puppetlabs-stdlib
 
+#puppet-zitrlp-strongswan
+puppet-zitrlp-strongswan
+
 #python-docker
 python3-docker
 

debian_pkg_dirs

@@ -38,6 +38,7 @@ config/puppet-modules/puppet-network
 config/puppet-modules/puppet-puppi
 config/puppet-modules/puppet-rabbitmq-8.5.0
 config/puppet-modules/puppet-staging
+config/puppet-modules/puppet-zitrlp-strongswan
 docker/python-docker
 filesystem/drbd/drbd-tools
 filesystem/luks