From 2b5de5902010b70b9ca8e0ed3e34a077b63d928d Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 19 May 2023 17:28:41 +0530 Subject: [PATCH] (CONT-576) allow deferred function for token & secrets --- manifests/backup/mysqlbackup.pp | 6 +++--- manifests/backup/mysqldump.pp | 2 +- manifests/backup/xtrabackup.pp | 2 +- manifests/db.pp | 2 +- manifests/server/root_password.pp | 2 +- metadata.json | 2 +- .../mysql_login_path/mysql_login_path_spec.rb | 1 + templates/meb.cnf.epp | 18 ++++++++++++++++++ templates/meb.cnf.erb | 18 ------------------ 9 files changed, 27 insertions(+), 26 deletions(-) create mode 100644 templates/meb.cnf.epp delete mode 100644 templates/meb.cnf.erb diff --git a/manifests/backup/mysqlbackup.pp b/manifests/backup/mysqlbackup.pp index c5aa53f77..9bf5366cf 100644 --- a/manifests/backup/mysqlbackup.pp +++ b/manifests/backup/mysqlbackup.pp @@ -40,7 +40,7 @@ } mysql_user { "${backupuser}@localhost": ensure => $ensure, - password_hash => mysql::password($backuppassword), + password_hash => Deferred('mysql::password', [$backuppassword]), require => Class['mysql::server::root_password'], } @@ -108,14 +108,14 @@ 'incremental_base' => 'history:last_backup', 'incremental_backup_dir' => $backupdir, 'user' => $backupuser, - 'password' => $backuppassword_unsensitive, + 'password' => Deferred('mysql::password', [$backuppassword_unsensitive]), }, } $options = mysql::normalise_and_deepmerge($default_options, $mysql::server::override_options) file { 'mysqlbackup-config-file': path => '/etc/mysql/conf.d/meb.cnf', - content => template('mysql/meb.cnf.erb'), + content => stdlib::deferrable_epp('mysql/meb.cnf.epp', { 'options' => $options }), mode => '0600', } diff --git a/manifests/backup/mysqldump.pp b/manifests/backup/mysqldump.pp index ee4e46d05..ab9236564 100644 --- a/manifests/backup/mysqldump.pp +++ b/manifests/backup/mysqldump.pp @@ -50,7 +50,7 @@ mysql_user { "${backupuser}@localhost": ensure => $ensure, - password_hash => mysql::password($backuppassword), + password_hash => Deferred('mysql::password', [$backuppassword]), require => Class['mysql::server::root_password'], } diff --git a/manifests/backup/xtrabackup.pp b/manifests/backup/xtrabackup.pp index 9bd6a7fa1..73df05af8 100644 --- a/manifests/backup/xtrabackup.pp +++ b/manifests/backup/xtrabackup.pp @@ -46,7 +46,7 @@ if $backupuser and $backuppassword { mysql_user { "${backupuser}@localhost": ensure => $ensure, - password_hash => mysql::password($backuppassword), + password_hash => Deferred('mysql::password', [$backuppassword]), require => Class['mysql::server::root_password'], } # Percona XtraBackup needs additional grants/privileges to work with MySQL 8 diff --git a/manifests/db.pp b/manifests/db.pp index 034f3247b..36a298459 100644 --- a/manifests/db.pp +++ b/manifests/db.pp @@ -102,7 +102,7 @@ $user_resource = { ensure => $ensure, - password_hash => mysql::password($password), + password_hash => Deferred('mysql::password', [$password]), tls_options => $tls_options, } ensure_resource('mysql_user', "${user}@${host}", $user_resource) diff --git a/manifests/server/root_password.pp b/manifests/server/root_password.pp index 02f5ef2af..a182f6787 100644 --- a/manifests/server/root_password.pp +++ b/manifests/server/root_password.pp @@ -32,7 +32,7 @@ if $mysql::server::create_root_user and $root_password_set { mysql_user { 'root@localhost': ensure => present, - password_hash => mysql::password($mysql::server::root_password), + password_hash => Deferred('mysql::password', [$mysql::server::root_password]), require => Exec['remove install pass'], } } diff --git a/metadata.json b/metadata.json index a240da962..d28272250 100644 --- a/metadata.json +++ b/metadata.json @@ -10,7 +10,7 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 3.2.0 < 9.0.0" + "version_requirement": ">= 8.4.0 < 9.0.0" } ], "operatingsystem_support": [ diff --git a/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb b/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb index 48f0a6afe..43b8fcbf9 100644 --- a/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb +++ b/spec/unit/puppet/provider/mysql_login_path/mysql_login_path_spec.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require 'spec_helper' +require 'puppet/resource_api/base_context' ensure_module_defined('Puppet::Provider::MysqlLoginPath') require 'puppet/provider/mysql_login_path/mysql_login_path' diff --git a/templates/meb.cnf.epp b/templates/meb.cnf.epp new file mode 100644 index 000000000..80d7d868e --- /dev/null +++ b/templates/meb.cnf.epp @@ -0,0 +1,18 @@ +### MANAGED BY PUPPET ### + +<% $options.map |Any $k, Any $v| { -%> +<% if $v.is_a(Hash) { -%> +[<%= $k %>] +<% $v.map |Any $ki, Any $vi| { -%> +<% if $vi == true or $v == '' {-%> +<%= $ki %> +<% } elsif $vi.is_a(Hash) { -%> +<% $vi.each |$vii| { -%> +<%= $ki %> = <%= $vii %> +<% } -%> +<% } elsif !($vi == '' or $vi == undef ) { -%> +<%= $ki %> = <%= $vi %> +<% } -%> +<% } -%> +<% } %> +<% } -%> diff --git a/templates/meb.cnf.erb b/templates/meb.cnf.erb deleted file mode 100644 index d157af99a..000000000 --- a/templates/meb.cnf.erb +++ /dev/null @@ -1,18 +0,0 @@ -### MANAGED BY PUPPET ### - -<% @options.sort.map do |k,v| -%> -<% if v.is_a?(Hash) -%> -[<%= k %>] -<% v.sort.map do |ki, vi| -%> -<% if vi == true or v == '' -%> -<%= ki %> -<% elsif vi.is_a?(Array) -%> -<% vi.each do |vii| -%> -<%= ki %> = <%= vii %> -<% end -%> -<% elsif ![nil, '', :undef].include?(vi) -%> -<%= ki %> = <%= vi %> -<% end -%> -<% end -%> -<% end %> -<% end -%>