diff --git a/lib/puppet/type/ceph_config.rb b/lib/puppet/type/ceph_config.rb
index 6b36d3a..dcfaeed 100644
--- a/lib/puppet/type/ceph_config.rb
+++ b/lib/puppet/type/ceph_config.rb
@@ -1,49 +1,73 @@
# Copyright (C) Dan Bode <bodepd@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Author: Dan Bode <bodepd@gmail.com>
# Author: Mathieu Gagne <mgagne>
Puppet::Type.newtype(:ceph_config) do
ensurable
newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from ./ceph.conf'
newvalues(/\S+\/\S+/)
end
# required in order to be able to unit test file contents
# Note: purge will not work on over-ridden file_path
# lifted from ini_file
newparam(:path) do
desc 'A file path to over ride the default file path if necessary'
validate do |value|
unless (Puppet.features.posix? and value =~ /^\//) or (Puppet.features.microsoft_windows? and (value =~ /^.:\// or value =~ /^\/\/[^\/]+\/[^\/]+/))
raise(Puppet::Error, "File paths must be fully qualified, not '#{value}'")
end
end
defaultto false
end
newproperty(:value) do
desc 'The value of the setting to be defined.'
munge do |value|
value = value.to_s.strip
value.downcase! if value =~ /^(true|false)$/i
value
end
+
+ def is_to_s( currentvalue )
+ if resource.secret?
+ return '[old secret redacted]'
+ else
+ return currentvalue
+ end
+ end
+
+ def should_to_s( newvalue )
+ if resource.secret?
+ return '[new secret redacted]'
+ else
+ return newvalue
+ end
+ end
+ end
+
+ newparam(:secret, :boolean => true) do
+ desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+
+ newvalues(:true, :false)
+
+ defaultto false
end
end
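Review bot: The redaction added to `newproperty(:value)` only covers the strings returned by `is_to_s` and `should_to_s`, so the `desc` on `secret` ("hide the value from Puppet logs") promises more than the visible code guarantees. The value is still held unredacted on the resource and passed to the provider, and any logging the provider does itself (not visible in this diff) would bypass these two methods. I would narrow the description, e.g. `desc 'Whether to redact the value in Puppet change messages; the value is still stored in the catalog. Defaults to false.'`. The release note also calls `secret` a property, while it is declared here with `newparam`. As a style point, both methods can drop the explicit `return`/`else`, e.g. `resource.secret? ? '[old secret redacted]' : currentvalue`.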
diff --git a/manifests/rgw/keystone.pp b/manifests/rgw/keystone.pp
index 02735a2..4b88926 100644
--- a/manifests/rgw/keystone.pp
+++ b/manifests/rgw/keystone.pp
@@ -1,100 +1,100 @@
#
# Copyright (C) 2014 Catalyst IT Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Author: Ricardo Rocha <ricardo@catalyst.net.nz>
#
# Configures keystone auth/authz for the ceph radosgw.
#
### == Name
# # The RGW id. An alphanumeric string uniquely identifying the RGW.
# ( example: radosgw.gateway )
#
### == Parameters
#
# [*rgw_keystone_admin_domain*]
# (Required) The name of OpenStack domain with admin
# privilege when using OpenStack Identity API v3.
#
# [*rgw_keystone_admin_project*]
# (Optional) The name of OpenStack project with admin
# privilege when using OpenStack Identity API v3
#
# [*rgw_keystone_admin_user*]
# (Required) The user name of OpenStack tenant with admin
# privilege (Service Tenant).
#
# [*rgw_keystone_admin_password*]
# (Required) The password for OpenStack admin user.
#
# [*rgw_keystone_url*]
# (Optional) The internal or admin url for keystone.
# Defaults to 'http://127.0.0.1:5000'
#
# [*rgw_keystone_accepted_roles*]
# (Optional) Roles to accept from keystone.
# Comma separated list of roles.
# Defaults to 'member'
#
# [*rgw_keystone_token_cache_size*]
# (Optional) How many tokens to keep cached.
# Defaults to 500
#
# [*rgw_s3_auth_use_keystone*]
# (Optional) Whether to enable keystone auth for S3.
# Defaults to true
#
# [*rgw_keystone_implicit_tenants*]
# (Optional) Set 'true' for a private tenant for each user.
# Defaults to true
#
define ceph::rgw::keystone (
$rgw_keystone_admin_domain,
$rgw_keystone_admin_project,
$rgw_keystone_admin_user,
$rgw_keystone_admin_password,
$rgw_keystone_url = 'http://127.0.0.1:5000',
$rgw_keystone_accepted_roles = 'member',
$rgw_keystone_token_cache_size = 500,
$rgw_s3_auth_use_keystone = true,
$rgw_keystone_implicit_tenants = true,
) {
unless $name =~ /^radosgw\..+/ {
fail("Define name must be started with 'radosgw.'")
}
ceph_config {
"client.${name}/rgw_keystone_url": value => $rgw_keystone_url;
"client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ',');
"client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size;
"client.${name}/rgw_s3_auth_use_keystone": value => $rgw_s3_auth_use_keystone;
"client.${name}/rgw_keystone_implicit_tenants": value => $rgw_keystone_implicit_tenants;
}
# FIXME(ykarel) Cleanup once https://tracker.ceph.com/issues/24228 is fixed for luminous
if ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
ceph_config {
"client.${name}/rgw_ldap_secret": value => '';
}
}
ceph_config {
"client.${name}/rgw_keystone_api_version": value => 3;
"client.${name}/rgw_keystone_admin_domain": value => $rgw_keystone_admin_domain;
"client.${name}/rgw_keystone_admin_project": value => $rgw_keystone_admin_project;
"client.${name}/rgw_keystone_admin_user": value => $rgw_keystone_admin_user;
- "client.${name}/rgw_keystone_admin_password": value => $rgw_keystone_admin_password;
+ "client.${name}/rgw_keystone_admin_password": value => $rgw_keystone_admin_password, secret => true;
}
}
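Review bot: The header comment for `rgw_keystone_admin_password` does not mention the new handling, and `secret => true` on the last `ceph_config` entry only affects how the change is reported. The define still takes the password as a plain value, so it presumably remains readable in the compiled catalog and in the managed config file. I would extend the parameter doc to say so, e.g. `# The value is redacted from Puppet change messages but is still stored in the catalog and written to the ceph configuration.`. That keeps operators from treating the flag as a substitute for restricting access to the catalog and the file.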
diff --git a/releasenotes/notes/ceph_config-secret-211b7aa50e393b47.yaml b/releasenotes/notes/ceph_config-secret-211b7aa50e393b47.yaml
new file mode 100644
index 0000000..9669d3d
--- /dev/null
+++ b/releasenotes/notes/ceph_config-secret-211b7aa50e393b47.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Now the ``ceph_config`` resource type supports the new ``secret`` property.
+ When this property is set to ``true``, value of the parameter is hidden
+ from puppet logs.
diff --git a/spec/defines/ceph_rgw_keystone_spec.rb b/spec/defines/ceph_rgw_keystone_spec.rb
index b411c1e..210532c 100644
--- a/spec/defines/ceph_rgw_keystone_spec.rb
+++ b/spec/defines/ceph_rgw_keystone_spec.rb
@@ -1,107 +1,107 @@
#
# Copyright (C) 2014 Catalyst IT Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Author: Ricardo Rocha <ricardo@catalyst.net.nz>
#
require 'spec_helper'
describe 'ceph::rgw::keystone' do
shared_examples 'ceph::rgw::keystone' do
context 'create with default params' do
let :pre_condition do
"include ceph::params
class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
class { 'ceph::repo': }
include ceph
ceph::rgw { 'radosgw.gateway': }"
end
let :title do
'radosgw.gateway'
end
let :params do
{
:rgw_keystone_admin_domain => 'default',
:rgw_keystone_admin_project => 'openstack',
:rgw_keystone_admin_user => 'rgwuser',
:rgw_keystone_admin_password => '123456',
}
end
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_api_version').with_value(3) }
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_domain').with_value('default') }
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_project').with_value('openstack') }
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_user').with_value('rgwuser') }
- it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456') }
+ it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456').with_secret(true) }
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://127.0.0.1:5000') }
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_roles').with_value('member') }
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_token_cache_size').with_value(500) }
it { should contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) }
end
context 'create with custom params' do
let :pre_condition do
"include ceph::params
class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
class { 'ceph::repo': }
ceph::rgw { 'radosgw.custom': }"
end
let :title do
'radosgw.custom'
end
let :params do
{
:rgw_keystone_admin_domain => 'default',
:rgw_keystone_admin_project => 'openstack',
:rgw_keystone_admin_user => 'rgwuser',
:rgw_keystone_admin_password => '123456',
:rgw_keystone_url => 'http://keystone.custom:5000',
:rgw_keystone_accepted_roles => '_role1_,role2',
:rgw_keystone_token_cache_size => 100,
:rgw_s3_auth_use_keystone => false,
:rgw_keystone_implicit_tenants => false,
}
end
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_api_version').with_value(3) }
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_domain').with_value('default') }
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_project').with_value('openstack') }
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_user').with_value('rgwuser') }
- it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456') }
+ it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456').with_secret(true) }
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_url').with_value('http://keystone.custom:5000') }
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('_role1_,role2') }
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_token_cache_size').with_value(100) }
it { should contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ceph::rgw::keystone'
end
end
end
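Review bot: The two updated expectations only check that the define passes `secret => true` into the catalog; nothing in this change exercises the redaction itself. A unit spec for the `ceph_config` type would pin the behaviour the release note promises: build a resource with `:secret => true` and assert `expect(resource.property(:value).should_to_s('123456')).to eq('[new secret redacted]')`, with the matching `is_to_s` check. It should also cover the default case, where both methods return the raw value. Whether such a type spec already exists is not visible from this diff.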