Accept Puppet-Datatype Sensitive
- let the Hash containing the Secrets for the Keystore accept Secrets of Datatype Sensitive
- fix a 15-Months-old Typo-Bug
- let api_basic_auth_password also be of Type Sensitive
cocker-cc committed Aug 30, 2022
1 parent ff32c58 commit 9180744
Showing 7 changed files with 102 additions and 68 deletions.
6 changes: 5 additions & 1 deletion manifests/config.pp
Expand Up @@ -214,10 +214,14 @@

# Add secrets to keystore
if $elasticsearch::secrets != undef {
# unwrap Secrets of Datatype Sensitive
$secrets = $elasticsearch::secrets.reduce( {}) |Hash $memo, Array $value| {
$memo + { $value[0] => if $value[1] =~ Sensitive { $value[1].unwrap } else { $value[1] } }
}
elasticsearch_keystore { 'elasticsearch_secrets':
configdir => $elasticsearch::configdir,
purge => $elasticsearch::purge_secrets,
settings => $elasticsearch::secrets,
settings => $secrets,
notify => $elasticsearch::_notify_service,
}
}
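Review bot: The `reduce` block unwraps every Sensitive secret before it reaches `elasticsearch_keystore`, so from `settings => $secrets` onward the values are ordinary strings in the compiled catalog. Whether they then appear in reports or change logs depends on how the `settings` property of that type is declared, which is not visible on this page. If the type cannot take Sensitive values itself, a comment above the block such as `# unwrapped values are stored in the catalog in clear text; Sensitive only protects them up to this point` would make that limit explicit. The block also calls `reduce` directly on `$elasticsearch::secrets`, so a hash that is itself wrapped in Sensitive (if the parameter type allows one) would not be handled.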
30 changes: 18 additions & 12 deletions manifests/index.pp
Expand Up @@ -43,18 +43,24 @@
# @author Tyler Langlois <tyler.langlois@elastic.co>
#
define elasticsearch::index (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $settings = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $settings = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

es_instance_conn_validator { "${name}-index-conn-validator":
server => $api_host,
port => $api_port,
Expand All @@ -68,7 +74,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
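Review bot: `$api_basic_auth_password_unsensitive` puts the unwrapped password into the `password =>` attribute in the second hunk, so the catalog carries it as a plain string and the Sensitive type only protects the value on its way into this define. Puppet marks a resource attribute as sensitive when it is given a Sensitive value, so if the receiving type tolerates it, keeping `password => $api_basic_auth_password,` and dropping the unwrap would retain redaction in logs and reports; that type's code is not on this page, so this needs checking. The same five-line unwrap is repeated in manifests/license.pp, manifests/pipeline.pp, manifests/snapshot_repository.pp and manifests/template.pp, and if it has to stay, a single helper function would keep the copies from drifting apart. The resource that receives `password` starts outside the hunk.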
2 changes: 1 addition & 1 deletion manifests/init.pp
Expand Up @@ -328,7 +328,7 @@
#
class elasticsearch (
Enum['absent', 'present'] $ensure,
Optional[String] $api_basic_auth_password,
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password,
Optional[String] $api_basic_auth_username,
Optional[String] $api_ca_file,
Optional[String] $api_ca_path,
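Review bot: Widening `$api_basic_auth_password` to `Optional[Variant[String, Sensitive[String]]]` on the main class affects every consumer of `$elasticsearch::api_basic_auth_password`, not only the five manifests this commit updates. Any other define, class or template that still declares `Optional[String]` for it, or interpolates the value, would fail type checking or render the redacted placeholder once a Sensitive is supplied; whether such consumers exist cannot be seen from this hunk. The parameter's documentation above the hunk, if there is any, should also say that a Sensitive value is accepted. The class body continues outside the hunk.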
30 changes: 18 additions & 12 deletions manifests/license.pp
Expand Up @@ -42,18 +42,24 @@
# @author Tyler Langlois <tyler.langlois@elastic.co>
#
class elasticsearch::license (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Variant[String, Hash] $content = $elasticsearch::license,
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Variant[String, Hash] $content = $elasticsearch::license,
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

if $content =~ String {
$_content = parsejson($content)
} else {
Expand All @@ -80,7 +86,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
30 changes: 18 additions & 12 deletions manifests/pipeline.pp
Expand Up @@ -45,18 +45,24 @@
# @author Tyler Langlois <tyler.langlois@elastic.co>
#
define elasticsearch::pipeline (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $content = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $content = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

es_instance_conn_validator { "${name}-ingest-pipeline":
server => $api_host,
port => $api_port,
Expand All @@ -70,7 +76,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
40 changes: 23 additions & 17 deletions manifests/snapshot_repository.pp
Expand Up @@ -60,23 +60,29 @@
# @author Tyler Langlois <tyler.langlois@elastic.co>
#
define elasticsearch::snapshot_repository (
String $location,
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Boolean $compress = true,
Optional[String] $chunk_size = undef,
Optional[String] $max_restore_rate = undef,
Optional[String] $max_snapshot_rate = undef,
Optional[String] $repository_type = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
String $location,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Boolean $compress = true,
Optional[String] $chunk_size = undef,
Optional[String] $max_restore_rate = undef,
Optional[String] $max_snapshot_rate = undef,
Optional[String] $repository_type = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

es_instance_conn_validator { "${name}-snapshot":
server => $api_host,
port => $api_port,
Expand All @@ -95,7 +101,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
32 changes: 19 additions & 13 deletions manifests/template.pp
Expand Up @@ -53,19 +53,25 @@
# @author Tyler Langlois <tyler.langlois@elastic.co>
#
define elasticsearch::template (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Optional[Variant[String, Hash]] $content = undef,
Optional[String] $source = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Optional[Variant[String, Hash]] $content = undef,
Optional[String] $source = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

if $content =~ String {
$_content = parsejson($content)
} else {
Expand All @@ -92,7 +98,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,