Skip to content

Commit

Permalink
Accept Puppet-Datatype Sensitive
Browse files Browse the repository at this point in the history
- let the Hash containing the Secrets for the Keystore accept Secrets of Datatype Sensitive
- fix a 15-Months-old Typo-Bug
- let api_basic_auth_password also be of Type Sensitive
  • Loading branch information
cocker-cc committed Jun 13, 2024
1 parent 2e7b301 commit abf2dea
Show file tree
Hide file tree
Showing 8 changed files with 108 additions and 74 deletions.
12 changes: 6 additions & 6 deletions REFERENCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ This is a destructive parameter and should be used with care.

##### <a name="-elasticsearch--api_basic_auth_password"></a>`api_basic_auth_password`

Data type: `Optional[String]`
Data type: `Optional[Variant[String, Sensitive[String]]]`

Defines the default REST basic auth password for API authentication.

Expand Down Expand Up @@ -854,7 +854,7 @@ Default value: `'present'`

##### <a name="-elasticsearch--license--api_basic_auth_password"></a>`api_basic_auth_password`

Data type: `Optional[String]`
Data type: `Optional[Variant[String, Sensitive[String]]]`

HTTP basic auth password to use when communicating over the Elasticsearch
API.
Expand Down Expand Up @@ -1255,7 +1255,7 @@ Default value: `'present'`

##### <a name="-elasticsearch--index--api_basic_auth_password"></a>`api_basic_auth_password`

Data type: `Optional[String]`
Data type: `Optional[Variant[String, Sensitive[String]]]`

HTTP basic auth password to use when communicating over the Elasticsearch
API.
Expand Down Expand Up @@ -1510,7 +1510,7 @@ Default value: `{}`

##### <a name="-elasticsearch--pipeline--api_basic_auth_password"></a>`api_basic_auth_password`

Data type: `Optional[String]`
Data type: `Optional[Variant[String, Sensitive[String]]]`

HTTP basic auth password to use when communicating over the Elasticsearch
API.
Expand Down Expand Up @@ -1976,7 +1976,7 @@ Default value: `'present'`

##### <a name="-elasticsearch--snapshot_repository--api_basic_auth_password"></a>`api_basic_auth_password`

Data type: `Optional[String]`
Data type: `Optional[Variant[String, Sensitive[String]]]`

HTTP basic auth password to use when communicating over the Elasticsearch
API.
Expand Down Expand Up @@ -2134,7 +2134,7 @@ Default value: `'present'`

##### <a name="-elasticsearch--template--api_basic_auth_password"></a>`api_basic_auth_password`

Data type: `Optional[String]`
Data type: `Optional[Variant[String, Sensitive[String]]]`

HTTP basic auth password to use when communicating over the Elasticsearch
API.
Expand Down
6 changes: 5 additions & 1 deletion manifests/config.pp
Original file line number Diff line number Diff line change
Expand Up @@ -226,10 +226,14 @@

# Add secrets to keystore
if $elasticsearch::secrets != undef {
# unwrap Secrets of Datatype Sensitive
$secrets = $elasticsearch::secrets.reduce({}) |Hash $memo, Array $value| {
$memo + { $value[0] => if $value[1] =~ Sensitive { $value[1].unwrap } else { $value[1] } }
}
elasticsearch_keystore { 'elasticsearch_secrets':
configdir => $elasticsearch::configdir,
purge => $elasticsearch::purge_secrets,
settings => $elasticsearch::secrets,
settings => $secrets,
notify => $elasticsearch::_notify_service,
}
}
Expand Down
30 changes: 18 additions & 12 deletions manifests/index.pp
Original file line number Diff line number Diff line change
Expand Up @@ -43,18 +43,24 @@
# @author Tyler Langlois <[email protected]>
#
define elasticsearch::index (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $settings = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $settings = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

es_instance_conn_validator { "${name}-index-conn-validator":
server => $api_host,
port => $api_port,
Expand All @@ -68,7 +74,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
Expand Down
2 changes: 1 addition & 1 deletion manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,7 @@
#
class elasticsearch (
Enum['absent', 'present'] $ensure,
Optional[String] $api_basic_auth_password,
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password,
Optional[String] $api_basic_auth_username,
Optional[String] $api_ca_file,
Optional[String] $api_ca_path,
Expand Down
30 changes: 18 additions & 12 deletions manifests/license.pp
Original file line number Diff line number Diff line change
Expand Up @@ -42,18 +42,24 @@
# @author Tyler Langlois <[email protected]>
#
class elasticsearch::license (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Variant[String, Hash] $content = $elasticsearch::license,
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Variant[String, Hash] $content = $elasticsearch::license,
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

if $content =~ String {
$_content = parsejson($content)
} else {
Expand All @@ -80,7 +86,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
Expand Down
30 changes: 18 additions & 12 deletions manifests/pipeline.pp
Original file line number Diff line number Diff line change
Expand Up @@ -45,18 +45,24 @@
# @author Tyler Langlois <[email protected]>
#
define elasticsearch::pipeline (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $content = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Hash $content = {},
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

es_instance_conn_validator { "${name}-ingest-pipeline":
server => $api_host,
port => $api_port,
Expand All @@ -70,7 +76,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
Expand Down
40 changes: 23 additions & 17 deletions manifests/snapshot_repository.pp
Original file line number Diff line number Diff line change
Expand Up @@ -60,23 +60,29 @@
# @author Tyler Langlois <[email protected]>
#
define elasticsearch::snapshot_repository (
String $location,
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Boolean $compress = true,
Optional[String] $chunk_size = undef,
Optional[String] $max_restore_rate = undef,
Optional[String] $max_snapshot_rate = undef,
Optional[String] $repository_type = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
String $location,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Boolean $compress = true,
Optional[String] $chunk_size = undef,
Optional[String] $max_restore_rate = undef,
Optional[String] $max_snapshot_rate = undef,
Optional[String] $repository_type = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

es_instance_conn_validator { "${name}-snapshot":
server => $api_host,
port => $api_port,
Expand All @@ -95,7 +101,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
Expand Down
32 changes: 19 additions & 13 deletions manifests/template.pp
Original file line number Diff line number Diff line change
Expand Up @@ -53,19 +53,25 @@
# @author Tyler Langlois <[email protected]>
#
define elasticsearch::template (
Enum['absent', 'present'] $ensure = 'present',
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Optional[Variant[String, Hash]] $content = undef,
Optional[String] $source = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
Enum['absent', 'present'] $ensure = 'present',
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
String $api_host = $elasticsearch::api_host,
Integer[0, 65535] $api_port = $elasticsearch::api_port,
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
Integer $api_timeout = $elasticsearch::api_timeout,
Optional[Variant[String, Hash]] $content = undef,
Optional[String] $source = undef,
Boolean $validate_tls = $elasticsearch::validate_tls,
) {
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
$api_basic_auth_password.unwrap
} else {
$api_basic_auth_password
}

if $content =~ String {
$_content = parsejson($content)
} else {
Expand All @@ -92,7 +98,7 @@
port => $api_port,
timeout => $api_timeout,
username => $api_basic_auth_username,
password => $api_basic_auth_password,
password => $api_basic_auth_password_unsensitive,
ca_file => $api_ca_file,
ca_path => $api_ca_path,
validate_tls => $validate_tls,
Expand Down

0 comments on commit abf2dea

Please sign in to comment.