From fd661dc5254abaeb82b20ea84aa52e34b1bb7ce5 Mon Sep 17 00:00:00 2001 From: Dan Sajner Date: Wed, 3 Feb 2016 10:17:28 -0500 Subject: [PATCH 1/3] Add support for SSL auth on api calls. --- manifests/init.pp | 37 ++++++++++++++++++- manifests/template.pp | 30 ++++++++++----- .../003_elasticsearch_template_spec.rb | 19 ++++++++-- 3 files changed, 72 insertions(+), 14 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3aeb440e0..d006d4671 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -182,6 +182,22 @@ # package upgrades. # Defaults to: true # +# [*use_ssl*] +# Enable auth on api calls. +# Defaults to: false +# +# [*validate_ssl*] +# Enable ssl validation on api calls. +# Defaults to: true +# +# [*ssl_user*] +# Defines the username for authentication. +# Defaults to: undef +# +# [*ssl_password*] +# Defines the password for authentication. +# Defaults to: undef +# # The default values for the parameters are set in elasticsearch::params. Have # a look at the corresponding params.pp manifest file if you need more # technical information about them. @@ -247,7 +263,11 @@ $instances = undef, $instances_hiera_merge = false, $plugins = undef, - $plugins_hiera_merge = false + $plugins_hiera_merge = false, + $use_ssl = false, + $validate_ssl = true, + $ssl_user = undef, + $ssl_password = undef ) inherits elasticsearch::params { anchor {'elasticsearch::begin': } @@ -324,6 +344,21 @@ } } + # Setup SSL authentication args for use in any type that hits an api + if $use_ssl { + validate_string($ssl_user) + validate_string($ssl_password) + $protocol = 'https' + if $validate_ssl { + $ssl_args = "-u ${ssl_user}:${ssl_password}" + } else { + $ssl_args = "-k -u ${ssl_user}:${ssl_password}" + } + } else { + $protocol = 'http' + $ssl_args = '' + } + #### Manage actions # package(s) diff --git a/manifests/template.pp b/manifests/template.pp index 4de931691..50712e83a 100644 --- a/manifests/template.pp +++ b/manifests/template.pp 
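Review bot: The `use_ssl` entry in the parameter docs says only "Enable auth on api calls", but the block added further down in this file also switches `$protocol` to `https` when it is set. I would reword it along the lines of `# Use https and HTTP basic auth (ssl_user / ssl_password) on api calls.` The `validate_ssl` entry should say that setting it to false passes `-k` to curl, which turns off certificate verification for a connection that carries the credentials. The `ssl_password` entry should note that the value is placed on the curl command line.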
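Review bot: In the `if $use_ssl` block, `$ssl_args` is built by interpolating `${ssl_user}:${ssl_password}` unquoted, and template.pp then pastes it into a shell command, so a password containing a space, `$`, a backtick or `;` will either break the curl call or be interpreted by the shell. At minimum, quote the pair, e.g. `$ssl_args = "-u '${ssl_user}:${ssl_password}'"`; if the stdlib in use provides `shell_escape`, that would be better because it also handles an embedded single quote. `validate_string` only checks the type, so it looks like `use_ssl => true` with the credentials left unset could still produce `-u :`. An explicit `fail()` when either value is empty would catch that.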
@@ -42,16 +42,26 @@ # Default value: 9200 # This variable is optional # +# [*protocol*] +# Defines the protocol to use for api calls using curl +# Default value from main class is: http +# +# [*ssl_args*] +# SSL arguments for curl commands. +# Default value from main class is an empty string. +# # === Authors # # * Richard Pijnenburg # define elasticsearch::template( - $ensure = 'present', - $file = undef, - $content = undef, - $host = 'localhost', - $port = 9200 + $ensure = 'present', + $file = undef, + $content = undef, + $host = 'localhost', + $port = 9200, + $protocol = $::elasticsearch::protocol, + $ssl_args = $::elasticsearch::ssl_args ) { require elasticsearch @@ -73,7 +83,7 @@ } # Build up the url - $es_url = "http://${host}:${port}/_template/${name}" + $es_url = "${protocol}://${host}:${port}/_template/${name}" # Can't do a replace and delete at the same time @@ -97,8 +107,8 @@ # Delete the existing template # First check if it exists of course exec { "delete_template_${name}": - command => "curl -s -XDELETE ${es_url}", - onlyif => "test $(curl -s '${es_url}?pretty=true' | wc -l) -gt 1", + command => "curl ${ssl_args} -s -XDELETE ${es_url}", + onlyif => "test $(curl ${ssl_args} -s '${es_url}?pretty=true' | wc -l) -gt 1", notify => $insert_notify, refreshonly => true, } @@ -134,8 +144,8 @@ } exec { "insert_template_${name}": - command => "curl -sL -w \"%{http_code}\\n\" -XPUT ${es_url} -d @${elasticsearch::params::homedir}/templates_import/elasticsearch-template-${name}.json -o /dev/null | egrep \"(200|201)\" > /dev/null", - unless => "test $(curl -s '${es_url}?pretty=true' | wc -l) -gt 1", + command => "curl ${ssl_args} -sL -w \"%{http_code}\\n\" -XPUT ${es_url} -d @${elasticsearch::params::homedir}/templates_import/elasticsearch-template-${name}.json -o /dev/null | egrep \"(200|201)\" > /dev/null", + unless => "test $(curl ${ssl_args} -s '${es_url}?pretty=true' | wc -l) -gt 1", refreshonly => true, loglevel => 'debug', } 
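Review bot: The new defaults `$protocol = $::elasticsearch::protocol` and `$ssl_args = $::elasticsearch::ssl_args` are bound before the `require elasticsearch` in the define body runs. If the class has not been evaluated at that point they would presumably be undef and `$es_url` would begin with `://`; worth confirming against a catalog where the define is declared ahead of the class. `$protocol` is also interpolated into the URL unchecked, so a guard such as `validate_re($protocol, '^https?$')` near the top of the body would reject anything unexpected. The define body continues outside this hunk.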
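Review bot: In `delete_template_${name}` the credentials carried in `${ssl_args}` become part of `command` and `onlyif`, so they are readable in the process list while curl runs and can end up in Puppet logs and reports whenever the exec is logged. The same applies to `insert_template_${name}` in the following hunk. Having the module write a root-only curl config file and pass it with `-K`, or use `--netrc-file`, would keep the password out of argv. Separately, `${es_url}` is unquoted in both `command` strings while the `onlyif`/`unless` checks quote it; quoting it everywhere (`-XDELETE '${es_url}'`) keeps a `$name` containing shell-significant characters from being split.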
diff --git a/spec/defines/003_elasticsearch_template_spec.rb b/spec/defines/003_elasticsearch_template_spec.rb index d1642653c..45746df25 100644 --- a/spec/defines/003_elasticsearch_template_spec.rb +++ b/spec/defines/003_elasticsearch_template_spec.rb @@ -23,7 +23,7 @@ it { should contain_elasticsearch__template('foo') } it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json', :notify => "Exec[delete_template_foo]") } - it { should contain_exec('insert_template_foo').with(:command => "curl -sL -w \"%{http_code}\\n\" -XPUT http://localhost:9200/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1') } + it { should contain_exec('insert_template_foo').with(:command => "curl -sL -w \"%{http_code}\\n\" -XPUT http://localhost:9200/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1') } end context "Delete a template" do 
@@ -35,7 +35,7 @@ it { should contain_elasticsearch__template('foo') } it { should_not contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json') } it { should_not contain_exec('insert_template_foo') } - it { should contain_exec('delete_template_foo').with(:command => 'curl -s -XDELETE http://localhost:9200/_template/foo', :notify => nil, :onlyif => 'test $(curl -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1' ) } + it { should contain_exec('delete_template_foo').with(:command => 'curl -s -XDELETE http://localhost:9200/_template/foo', :notify => nil, :onlyif => 'test $(curl -s \'http://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1' ) } end context "Add template with alternative host and port" do @@ -48,7 +48,7 @@ it { should contain_elasticsearch__template('foo') } it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json') } - it { should contain_exec('insert_template_foo').with(:command => "curl -sL -w \"%{http_code}\\n\" -XPUT http://otherhost:9201/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -s \'http://otherhost:9201/_template/foo?pretty=true\' | wc -l) -gt 1') } + it { should contain_exec('insert_template_foo').with(:command => "curl -sL -w \"%{http_code}\\n\" -XPUT http://otherhost:9201/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -s \'http://otherhost:9201/_template/foo?pretty=true\' | wc -l) -gt 1') } end context "Add template using content" do 
@@ -61,4 +61,17 @@ it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:content => '{"template":"*","settings":{"number_of_replicas":0}}') } end + context "Add template using ssl" do + + let :params do { + :file => 'puppet:///path/to/foo.json', + :protocol => 'https', + :ssl_args => '-u test_user:test_password', + } end + + it { should contain_elasticsearch__template('foo') } + it { should contain_file('/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json').with(:source => 'puppet:///path/to/foo.json') } + it { should contain_exec('insert_template_foo').with(:command => "curl -u test_user:test_password -sL -w \"%{http_code}\\n\" -XPUT https://localhost:9200/_template/foo -d @/usr/share/elasticsearch/templates_import/elasticsearch-template-foo.json -o /dev/null | egrep \"(200|201)\" > /dev/null", :unless => 'test $(curl -u test_user:test_password -s \'https://localhost:9200/_template/foo?pretty=true\' | wc -l) -gt 1') } + end + end From d3da29920514ad84b24a5e5b8ff7dcb93841e178 Mon Sep 17 00:00:00 2001 From: Dan Sajner Date: Wed, 6 Apr 2016 12:17:36 -0400 Subject: [PATCH 2/3] Fix typo from the rebase. --- manifests/init.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 9fd67f222..4de94cc17 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -182,7 +182,6 @@ # package upgrades. # Defaults to: true # -<<<<<<< HEAD # [*use_ssl*] # Enable auth on api calls. # Defaults to: false From cc1f181f0e934eb1d5fde5b0f7eb3ab23a3cc340 Mon Sep 17 00:00:00 2001 From: Dan Sajner Date: Thu, 21 Apr 2016 11:14:12 -0400 Subject: [PATCH 3/3] Add a lint ingore on a valid empty string assignment. --- manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 4de94cc17..813b0c3fe 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
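Review bot: The new "Add template using ssl" context only asserts on `insert_template_foo` with `:ssl_args` passed in directly, so nothing checks that `delete_template_foo` receives the same arguments. No spec in this patch covers the class-level `use_ssl => true` path or the `validate_ssl => false` branch that adds `-k`. I would add a deletion context with the same `:protocol` and `:ssl_args` and an example such as `it { should contain_exec('delete_template_foo').with(:command => 'curl -u test_user:test_password -s -XDELETE https://localhost:9200/_template/foo') }`. A class spec asserting the computed `$ssl_args` for both values of `validate_ssl` would pin the behaviour that matters most for certificate checking.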
@@ -359,7 +359,9 @@ } } else { $protocol = 'http' + # lint:ignore:empty_string_assignment $ssl_args = '' + # lint:endignore } #### Manage actions