Merge pull request voxpupuli#577 from dansajner/support_ssl

Add support for SSL auth on api calls.
cegeka · Apr 25, 2016 · 3a6b333 · 3a6b333
2 parents a4d81f1 + f91f16b
commit 3a6b333
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 14 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -186,6 +186,22 @@
 #   package upgrades.
 #   Defaults to: true
 #
+# [*use_ssl*]
+#   Enable auth on api calls.
+#   Defaults to: false
+#
+# [*validate_ssl*]
+#   Enable ssl validation on api calls.
+#   Defaults to: true
+#
+# [*ssl_user*]
+#   Defines the username for authentication.
+#   Defaults to: undef
+#
+# [*ssl_password*]
+#   Defines the password for authentication.
+#   Defaults to: undef
+#
 # [*logdir*]
 #   Use different directory for logging
 #
@@ -255,7 +271,11 @@
   $instances             = undef,
   $instances_hiera_merge = false,
   $plugins               = undef,
-  $plugins_hiera_merge   = false
+  $plugins_hiera_merge   = false,
+  $use_ssl               = false,
+  $validate_ssl          = true,
+  $ssl_user              = undef,
+  $ssl_password          = undef
 ) inherits elasticsearch::params {
 
   anchor {'elasticsearch::begin': }
@@ -332,6 +352,23 @@
     }
   }
 
+  # Setup SSL authentication args for use in any type that hits an api
+  if $use_ssl {
+    validate_string($ssl_user)
+    validate_string($ssl_password)
+    $protocol = 'https'
+    if $validate_ssl {
+      $ssl_args = "-u ${ssl_user}:${ssl_password}"
+    } else {
+      $ssl_args = "-k -u ${ssl_user}:${ssl_password}"
+    }
+  } else {
+    $protocol = 'http'
+    # lint:ignore:empty_string_assignment
+    $ssl_args = ''
+    # lint:endignore
+  }
+
   #### Manage actions
 
   # package(s)

diff --git a/manifests/template.pp b/manifests/template.pp
@@ -42,16 +42,26 @@
 #   Default value: 9200
 #   This variable is optional
 #
+# [*protocol*]
+#   Defines the protocol to use for api calls using curl
+#   Default value from main class is: http
+#
+# [*ssl_args*]
+#   SSL arguments for curl commands.
+#   Default value from main class is an empty string.
+#
 # === Authors
 #
 # * Richard Pijnenburg <mailto:richard.pijnenburg@elasticsearch.com>
 #
 define elasticsearch::template(
-  $ensure  = 'present',
-  $file    = undef,
-  $content = undef,
-  $host    = 'localhost',
-  $port    = 9200
+  $ensure   = 'present',
+  $file     = undef,
+  $content  = undef,
+  $host     = 'localhost',
+  $port     = 9200,
+  $protocol = $::elasticsearch::protocol,
+  $ssl_args = $::elasticsearch::ssl_args
 ) {
 
   require elasticsearch
@@ -73,7 +83,7 @@
   }
 
   # Build up the url
-  $es_url = "http://${host}:${port}/_template/${name}"
+  $es_url = "${protocol}://${host}:${port}/_template/${name}"
 
   # Can't do a replace and delete at the same time
 
@@ -97,8 +107,8 @@
   # Delete the existing template
   # First check if it exists of course
   exec { "delete_template_${name}":
-    command     => "curl -s -XDELETE ${es_url}",
-    onlyif      => "test $(curl -s '${es_url}?pretty=true' | wc -l) -gt 1",
+    command     => "curl ${ssl_args} -s -XDELETE ${es_url}",
+    onlyif      => "test $(curl ${ssl_args} -s '${es_url}?pretty=true' | wc -l) -gt 1",
     notify      => $insert_notify,
     refreshonly => true,
   }
@@ -134,8 +144,8 @@
     }
 
     exec { "insert_template_${name}":
-      command     => "curl -sL -w \"%{http_code}\\n\" -XPUT ${es_url} -d @${elasticsearch::params::homedir}/templates_import/elasticsearch-template-${name}.json -o /dev/null | egrep \"(200|201)\" > /dev/null",
-      unless      => "test $(curl -s '${es_url}?pretty=true' | wc -l) -gt 1",
+      command     => "curl ${ssl_args} -sL -w \"%{http_code}\\n\" -XPUT ${es_url} -d @${elasticsearch::params::homedir}/templates_import/elasticsearch-template-${name}.json -o /dev/null | egrep \"(200|201)\" > /dev/null",
+      unless      => "test $(curl ${ssl_args} -s '${es_url}?pretty=true' | wc -l) -gt 1",
       refreshonly => true,
       loglevel    => 'debug',
     }

diff --git a/spec/defines/003_elasticsearch_template_spec.rb b/spec/defines/003_elasticsearch_template_spec.rb
@@ -23,7 +23,7 @@
 
     it { should contain_elasticsearch__template('foo') }
     it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json', :notify => "Exec[delete_template_foo]") }
-    it { should contain_exec('insert_template_foo').with(:command => "curl -sL -w \"%{http_code}\\n\" -XPUT http://localhost:9200/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1') }
+    it { should contain_exec('insert_template_foo').with(:command => "curl  -sL -w \"%{http_code}\\n\" -XPUT http://localhost:9200/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl  -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1') }
   end
 
   context "Delete a template" do
@@ -35,7 +35,7 @@
     it { should contain_elasticsearch__template('foo') }
     it { should_not contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json') }
     it { should_not contain_exec('insert_template_foo') }
-    it { should contain_exec('delete_template_foo').with(:command => 'curl -s -XDELETE http://localhost:9200/_template/foo', :notify => nil, :onlyif => 'test $(curl -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1' ) }
+    it { should contain_exec('delete_template_foo').with(:command => 'curl  -s -XDELETE http://localhost:9200/_template/foo', :notify => nil, :onlyif => 'test $(curl  -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1' ) }
   end
 
   context "Add template with alternative host and port" do
@@ -48,7 +48,7 @@
 
     it { should contain_elasticsearch__template('foo') }
     it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json') }
-    it { should contain_exec('insert_template_foo').with(:command => "curl -sL -w \"%{http_code}\\n\" -XPUT http://otherhost:9201/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -s \'http://otherhost:9201/_template/foo?pretty=true\' | wc -l) -gt 1') }
+    it { should contain_exec('insert_template_foo').with(:command => "curl  -sL -w \"%{http_code}\\n\" -XPUT http://otherhost:9201/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl  -s \'http://otherhost:9201/_template/foo?pretty=true\' | wc -l) -gt 1') }
   end
 
   context "Add template using content" do
@@ -61,4 +61,17 @@
     it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:content => '{"template":"*","settings":{"number_of_replicas":0}}') }
   end
 
+  context "Add template using ssl" do
+
+    let :params do {
+      :file     => 'puppet:///path/to/foo.json',
+      :protocol => 'https',
+      :ssl_args => '-u test_user:test_password',
+    } end
+
+    it { should contain_elasticsearch__template('foo') }
+    it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json') }
+    it { should contain_exec('insert_template_foo').with(:command => "curl -u test_user:test_password -sL -w \"%{http_code}\\n\" -XPUT https://localhost:9200/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -u test_user:test_password -s \'https://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1') }
+  end
+
 end