Release 0.6.0

Features

• Adds support for providing an array of values to the patch_group attribute of the patching_as_code class
• Adds support for providing an array of values to the count_of_week parameter in a patch schedule

Release 0.5.0

Features

• Removes dependency on the windows_updates module, we can now install Windows Updates natively
• Adds a Task to install a Windows Update over WinRM or PCP
• Updates the PDK to 2.0.0
• No longer fails the resource if the Windows Update is no longer available/applicable for the node
• Write a patching_as_code_config fact that reports configuration state
• Support security-only patching via a new security_only parameter to the class. This works for Linux today, but requires a not-yet shipped update to pe_patch for Windows
• Preparations for being able to run patching_as_code as a plan, not yet active.

Release 0.4.3

Bugfixes

• Ensure yum-utils package on all RedHat/CentOS versions, not just 8
• Use ensure_packages() for safer enforcement of yum-utils package

Release 0.4.2

Bugfixes

• Account for $facts['operatingsystemmajrelease'] returning a string instead of an integer

Release 0.4.1

Bugfixes

• For parsing the result of /usr/bin/needs-restarting -r in CentOS 7/8, the script was if [ $? -eq 0 ] instead of if [ $? -eq 1 ], which caused the logic to be flipped.

Release 0.4.0

Features

• Completely rewrote the reboot behavior, so that pending reboot detections fully works both before patching and after patching, in the same Puppet run. There is no more dependency on the reboots.reboot_required portion of the pe_patch/os_patching fact, all logic is now internal and no longer requires multiple Puppet runs.
• Changed the default schedules to reboot: ifneeded (was reboot: always), now that the pending reboot logic has improved so much
• Ensured that pre_reboot commands will now trigger when necessary (only one scenario can happen at a time):
  • when an OS pending reboot is detected at the start of a run (before patching)
  • when an OS pending reboot is detected at the end of a run (after patching)
• Forced pre_reboot commands (which are essentially Exec resources) to use the posix provider on Linux and the powershell provider on Windows, so that the pending reboot detection logic can be injected to the resource dynamically.
• Fixed a bug in the is_patchday() function

Release 0.3.0

Features

• Rewrote updating of Linux packages to use a custom type (patch_package), which dynamically updates and/or creates package resources for patching in the catalog on the agent side. This ensures no duplicate package declarations can occur on the server side, due to the parsing-order dependency of defined() and defined_with_params(). Neither of these functions are used anymore.

Release 0.2.9

Bugfixes

• Also protect against duplicate package declarations when ensure is set to a version. This isn't 100% bulletproof as the check is parse-order-dependent, but will work in most cases.

Release 0.2.8

Bugfixes

• Ensured Linux patches cannot cause duplicate declarations

Release 0.2.7

Bugfixes

• Added dependency to puppetlabs/puppet_agent to the module's metadata