Skip to content

Commit d379556

Browse files
cocker-cccocker-cc
committed
Accept Puppet-Datatype Sensitive
- let the Hash containing the Secrets for the Keystore accept Secrets of Datatype Sensitive - fix a 15-Months-old Typo-Bug - let api_basic_auth_password also be of Type Sensitive
1 parent 3d316e3 commit d379556

10 files changed

+116
-78
lines changed

REFERENCE.md

+10-10
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@
5757

5858
### Data types
5959

60-
* [`Elasticsearch::Multipath`](#Elasticsearch--Multipath)
61-
* [`Elasticsearch::Status`](#Elasticsearch--Status)
60+
* [`Elasticsearch::Multipath`](#Elasticsearch--Multipath): @ summary Puppet-Type for Elasticsearch's Multipath
61+
* [`Elasticsearch::Status`](#Elasticsearch--Status): Puppet-Type for Elasticsearch's Status
6262

6363
## Classes
6464

@@ -199,7 +199,7 @@ This is a destructive parameter and should be used with care.
199199

200200
##### <a name="-elasticsearch--api_basic_auth_password"></a>`api_basic_auth_password`
201201

202-
Data type: `Optional[String]`
202+
Data type: `Optional[Variant[String, Sensitive[String]]]`
203203

204204
Defines the default REST basic auth password for API authentication.
205205

@@ -854,7 +854,7 @@ Default value: `'present'`
854854

855855
##### <a name="-elasticsearch--license--api_basic_auth_password"></a>`api_basic_auth_password`
856856

857-
Data type: `Optional[String]`
857+
Data type: `Optional[Variant[String, Sensitive[String]]]`
858858

859859
HTTP basic auth password to use when communicating over the Elasticsearch
860860
API.
@@ -1255,7 +1255,7 @@ Default value: `'present'`
12551255

12561256
##### <a name="-elasticsearch--index--api_basic_auth_password"></a>`api_basic_auth_password`
12571257

1258-
Data type: `Optional[String]`
1258+
Data type: `Optional[Variant[String, Sensitive[String]]]`
12591259

12601260
HTTP basic auth password to use when communicating over the Elasticsearch
12611261
API.
@@ -1510,7 +1510,7 @@ Default value: `{}`
15101510

15111511
##### <a name="-elasticsearch--pipeline--api_basic_auth_password"></a>`api_basic_auth_password`
15121512

1513-
Data type: `Optional[String]`
1513+
Data type: `Optional[Variant[String, Sensitive[String]]]`
15141514

15151515
HTTP basic auth password to use when communicating over the Elasticsearch
15161516
API.
@@ -1976,7 +1976,7 @@ Default value: `'present'`
19761976

19771977
##### <a name="-elasticsearch--snapshot_repository--api_basic_auth_password"></a>`api_basic_auth_password`
19781978

1979-
Data type: `Optional[String]`
1979+
Data type: `Optional[Variant[String, Sensitive[String]]]`
19801980

19811981
HTTP basic auth password to use when communicating over the Elasticsearch
19821982
API.
@@ -2134,7 +2134,7 @@ Default value: `'present'`
21342134

21352135
##### <a name="-elasticsearch--template--api_basic_auth_password"></a>`api_basic_auth_password`
21362136

2137-
Data type: `Optional[String]`
2137+
Data type: `Optional[Variant[String, Sensitive[String]]]`
21382138

21392139
HTTP basic auth password to use when communicating over the Elasticsearch
21402140
API.
@@ -3237,13 +3237,13 @@ Returns: `Any` String
32373237

32383238
### <a name="Elasticsearch--Multipath"></a>`Elasticsearch::Multipath`
32393239

3240-
The Elasticsearch::Multipath data type.
3240+
@ summary Puppet-Type for Elasticsearch's Multipath
32413241

32423242
Alias of `Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath]`
32433243

32443244
### <a name="Elasticsearch--Status"></a>`Elasticsearch::Status`
32453245

3246-
The Elasticsearch::Status data type.
3246+
Puppet-Type for Elasticsearch's Status
32473247

32483248
Alias of `Enum['enabled', 'disabled', 'running', 'unmanaged']`
32493249

manifests/config.pp

+5-1
Original file line numberDiff line numberDiff line change
@@ -226,10 +226,14 @@
226226

227227
# Add secrets to keystore
228228
if $elasticsearch::secrets != undef {
229+
# unwrap Secrets of Datatype Sensitive
230+
$secrets = $elasticsearch::secrets.reduce({}) |Hash $memo, Array $value| {
231+
$memo + { $value[0] => if $value[1] =~ Sensitive { $value[1].unwrap } else { $value[1] } }
232+
}
229233
elasticsearch_keystore { 'elasticsearch_secrets':
230234
configdir => $elasticsearch::configdir,
231235
purge => $elasticsearch::purge_secrets,
232-
settings => $elasticsearch::secrets,
236+
settings => $secrets,
233237
notify => $elasticsearch::_notify_service,
234238
}
235239
}

manifests/index.pp

+18-12
Original file line numberDiff line numberDiff line change
@@ -43,18 +43,24 @@
4343
# @author Tyler Langlois <[email protected]>
4444
#
4545
define elasticsearch::index (
46-
Enum['absent', 'present'] $ensure = 'present',
47-
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
48-
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
49-
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
50-
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
51-
String $api_host = $elasticsearch::api_host,
52-
Integer[0, 65535] $api_port = $elasticsearch::api_port,
53-
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
54-
Integer $api_timeout = $elasticsearch::api_timeout,
55-
Hash $settings = {},
56-
Boolean $validate_tls = $elasticsearch::validate_tls,
46+
Enum['absent', 'present'] $ensure = 'present',
47+
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
48+
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
49+
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
50+
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
51+
String $api_host = $elasticsearch::api_host,
52+
Integer[0, 65535] $api_port = $elasticsearch::api_port,
53+
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
54+
Integer $api_timeout = $elasticsearch::api_timeout,
55+
Hash $settings = {},
56+
Boolean $validate_tls = $elasticsearch::validate_tls,
5757
) {
58+
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
59+
$api_basic_auth_password.unwrap
60+
} else {
61+
$api_basic_auth_password
62+
}
63+
5864
es_instance_conn_validator { "${name}-index-conn-validator":
5965
server => $api_host,
6066
port => $api_port,
@@ -68,7 +74,7 @@
6874
port => $api_port,
6975
timeout => $api_timeout,
7076
username => $api_basic_auth_username,
71-
password => $api_basic_auth_password,
77+
password => $api_basic_auth_password_unsensitive,
7278
ca_file => $api_ca_file,
7379
ca_path => $api_ca_path,
7480
validate_tls => $validate_tls,

manifests/init.pp

+1-1
Original file line numberDiff line numberDiff line change
@@ -349,7 +349,7 @@
349349
#
350350
class elasticsearch (
351351
Enum['absent', 'present'] $ensure,
352-
Optional[String] $api_basic_auth_password,
352+
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password,
353353
Optional[String] $api_basic_auth_username,
354354
Optional[String] $api_ca_file,
355355
Optional[String] $api_ca_path,

manifests/license.pp

+18-12
Original file line numberDiff line numberDiff line change
@@ -42,18 +42,24 @@
4242
# @author Tyler Langlois <[email protected]>
4343
#
4444
class elasticsearch::license (
45-
Enum['absent', 'present'] $ensure = 'present',
46-
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
47-
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
48-
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
49-
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
50-
String $api_host = $elasticsearch::api_host,
51-
Integer[0, 65535] $api_port = $elasticsearch::api_port,
52-
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
53-
Integer $api_timeout = $elasticsearch::api_timeout,
54-
Variant[String, Hash] $content = $elasticsearch::license,
55-
Boolean $validate_tls = $elasticsearch::validate_tls,
45+
Enum['absent', 'present'] $ensure = 'present',
46+
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
47+
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
48+
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
49+
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
50+
String $api_host = $elasticsearch::api_host,
51+
Integer[0, 65535] $api_port = $elasticsearch::api_port,
52+
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
53+
Integer $api_timeout = $elasticsearch::api_timeout,
54+
Variant[String, Hash] $content = $elasticsearch::license,
55+
Boolean $validate_tls = $elasticsearch::validate_tls,
5656
) {
57+
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
58+
$api_basic_auth_password.unwrap
59+
} else {
60+
$api_basic_auth_password
61+
}
62+
5763
if $content =~ String {
5864
$_content = parsejson($content)
5965
} else {
@@ -80,7 +86,7 @@
8086
port => $api_port,
8187
timeout => $api_timeout,
8288
username => $api_basic_auth_username,
83-
password => $api_basic_auth_password,
89+
password => $api_basic_auth_password_unsensitive,
8490
ca_file => $api_ca_file,
8591
ca_path => $api_ca_path,
8692
validate_tls => $validate_tls,

manifests/pipeline.pp

+18-12
Original file line numberDiff line numberDiff line change
@@ -45,18 +45,24 @@
4545
# @author Tyler Langlois <[email protected]>
4646
#
4747
define elasticsearch::pipeline (
48-
Enum['absent', 'present'] $ensure = 'present',
49-
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
50-
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
51-
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
52-
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
53-
String $api_host = $elasticsearch::api_host,
54-
Integer[0, 65535] $api_port = $elasticsearch::api_port,
55-
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
56-
Integer $api_timeout = $elasticsearch::api_timeout,
57-
Hash $content = {},
58-
Boolean $validate_tls = $elasticsearch::validate_tls,
48+
Enum['absent', 'present'] $ensure = 'present',
49+
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
50+
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
51+
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
52+
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
53+
String $api_host = $elasticsearch::api_host,
54+
Integer[0, 65535] $api_port = $elasticsearch::api_port,
55+
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
56+
Integer $api_timeout = $elasticsearch::api_timeout,
57+
Hash $content = {},
58+
Boolean $validate_tls = $elasticsearch::validate_tls,
5959
) {
60+
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
61+
$api_basic_auth_password.unwrap
62+
} else {
63+
$api_basic_auth_password
64+
}
65+
6066
es_instance_conn_validator { "${name}-ingest-pipeline":
6167
server => $api_host,
6268
port => $api_port,
@@ -70,7 +76,7 @@
7076
port => $api_port,
7177
timeout => $api_timeout,
7278
username => $api_basic_auth_username,
73-
password => $api_basic_auth_password,
79+
password => $api_basic_auth_password_unsensitive,
7480
ca_file => $api_ca_file,
7581
ca_path => $api_ca_path,
7682
validate_tls => $validate_tls,

manifests/snapshot_repository.pp

+23-17
Original file line numberDiff line numberDiff line change
@@ -60,23 +60,29 @@
6060
# @author Tyler Langlois <[email protected]>
6161
#
6262
define elasticsearch::snapshot_repository (
63-
String $location,
64-
Enum['absent', 'present'] $ensure = 'present',
65-
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
66-
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
67-
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
68-
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
69-
String $api_host = $elasticsearch::api_host,
70-
Integer[0, 65535] $api_port = $elasticsearch::api_port,
71-
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
72-
Integer $api_timeout = $elasticsearch::api_timeout,
73-
Boolean $compress = true,
74-
Optional[String] $chunk_size = undef,
75-
Optional[String] $max_restore_rate = undef,
76-
Optional[String] $max_snapshot_rate = undef,
77-
Optional[String] $repository_type = undef,
78-
Boolean $validate_tls = $elasticsearch::validate_tls,
63+
String $location,
64+
Enum['absent', 'present'] $ensure = 'present',
65+
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
66+
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
67+
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
68+
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
69+
String $api_host = $elasticsearch::api_host,
70+
Integer[0, 65535] $api_port = $elasticsearch::api_port,
71+
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
72+
Integer $api_timeout = $elasticsearch::api_timeout,
73+
Boolean $compress = true,
74+
Optional[String] $chunk_size = undef,
75+
Optional[String] $max_restore_rate = undef,
76+
Optional[String] $max_snapshot_rate = undef,
77+
Optional[String] $repository_type = undef,
78+
Boolean $validate_tls = $elasticsearch::validate_tls,
7979
) {
80+
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
81+
$api_basic_auth_password.unwrap
82+
} else {
83+
$api_basic_auth_password
84+
}
85+
8086
es_instance_conn_validator { "${name}-snapshot":
8187
server => $api_host,
8288
port => $api_port,
@@ -95,7 +101,7 @@
95101
port => $api_port,
96102
timeout => $api_timeout,
97103
username => $api_basic_auth_username,
98-
password => $api_basic_auth_password,
104+
password => $api_basic_auth_password_unsensitive,
99105
ca_file => $api_ca_file,
100106
ca_path => $api_ca_path,
101107
validate_tls => $validate_tls,

manifests/template.pp

+19-13
Original file line numberDiff line numberDiff line change
@@ -53,19 +53,25 @@
5353
# @author Tyler Langlois <[email protected]>
5454
#
5555
define elasticsearch::template (
56-
Enum['absent', 'present'] $ensure = 'present',
57-
Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
58-
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
59-
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
60-
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
61-
String $api_host = $elasticsearch::api_host,
62-
Integer[0, 65535] $api_port = $elasticsearch::api_port,
63-
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
64-
Integer $api_timeout = $elasticsearch::api_timeout,
65-
Optional[Variant[String, Hash]] $content = undef,
66-
Optional[String] $source = undef,
67-
Boolean $validate_tls = $elasticsearch::validate_tls,
56+
Enum['absent', 'present'] $ensure = 'present',
57+
Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,
58+
Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,
59+
Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,
60+
Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,
61+
String $api_host = $elasticsearch::api_host,
62+
Integer[0, 65535] $api_port = $elasticsearch::api_port,
63+
Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,
64+
Integer $api_timeout = $elasticsearch::api_timeout,
65+
Optional[Variant[String, Hash]] $content = undef,
66+
Optional[String] $source = undef,
67+
Boolean $validate_tls = $elasticsearch::validate_tls,
6868
) {
69+
$api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive {
70+
$api_basic_auth_password.unwrap
71+
} else {
72+
$api_basic_auth_password
73+
}
74+
6975
if $content =~ String {
7076
$_content = parsejson($content)
7177
} else {
@@ -92,7 +98,7 @@
9298
port => $api_port,
9399
timeout => $api_timeout,
94100
username => $api_basic_auth_username,
95-
password => $api_basic_auth_password,
101+
password => $api_basic_auth_password_unsensitive,
96102
ca_file => $api_ca_file,
97103
ca_path => $api_ca_path,
98104
validate_tls => $validate_tls,

types/multipath.pp

+2
Original file line numberDiff line numberDiff line change
@@ -1 +1,3 @@
1+
# @ summary Puppet-Type for Elasticsearch's Multipath
2+
#
13
type Elasticsearch::Multipath = Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath]

types/status.pp

+2
Original file line numberDiff line numberDiff line change
@@ -1 +1,3 @@
1+
# @summary Puppet-Type for Elasticsearch's Status
2+
#
13
type Elasticsearch::Status = Enum['enabled', 'disabled', 'running', 'unmanaged']

0 commit comments

Comments
 (0)