

D8492.id30582.diff

diff --git a/data/common/common.yaml b/data/common/common.yaml
--- a/data/common/common.yaml
+++ b/data/common/common.yaml
@@ -2838,6 +2838,8 @@
swh::deploy::indexer_journal_client::content_mimetype::config_file: "content_mimetype.yml"
swh::deploy::indexer_journal_client::content_mimetype::loglevel: INFO
+swh::deploy::indexer_journal_client::content_mimetype::journal_authentication: true
+
# Contains a password: in private data
swh::deploy::indexer_journal_client::content_mimetype::config:
# FIXME: Required by BaseIndexer class code, unused in this context though
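Review bot: Nothing next to the new `journal_authentication: true` default says that it makes the manifest look up `swh::deploy::indexer_journal_client::journal::username` and `swh::deploy::indexer_journal_client::journal::password`, which this diff does not define. A comment above the flag, for example `# When true, journal::username and journal::password must be defined in private data`, would tell whoever adds a new environment what has to exist first. Those lookups carry no default in the manifest, so a missing key would presumably fail catalog compilation rather than fall back to an unauthenticated client. The same comment applies to the three other flags added further down in this file.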
@@ -2858,6 +2860,7 @@
swh::deploy::indexer_journal_client::content_fossology_license::config_file: "content_fossology_license.yml"
swh::deploy::indexer_journal_client::content_fossology_license::loglevel: INFO
+swh::deploy::indexer_journal_client::content_fossology_license::journal_authentication: true
# Contains a password: in private data
swh::deploy::indexer_journal_client::content_fossology_license::config:
# FIXME: Required by BaseIndexer class code, unused in this context though
@@ -2878,6 +2881,7 @@
swh::deploy::indexer_journal_client::extrinsic_metadata::config_file: "extrinsic_metadata.yml"
swh::deploy::indexer_journal_client::extrinsic_metadata::loglevel: INFO
+swh::deploy::indexer_journal_client::extrinsic_metadata::journal_authentication: true
swh::deploy::indexer_journal_client::extrinsic_metadata::config:
# FIXME: Required by BaseIndexer class code, unused in this context though
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
@@ -2896,6 +2900,7 @@
swh::deploy::indexer_journal_client::origin_intrinsic_metadata::config_file: "origin_intrinsic_metadata.yml"
swh::deploy::indexer_journal_client::origin_intrinsic_metadata::batch_size: 200
swh::deploy::indexer_journal_client::origin_intrinsic_metadata::loglevel: INFO
+swh::deploy::indexer_journal_client::origin_intrinsic_metadata::journal_authentication: true
swh::deploy::indexer_journal_client::origin_intrinsic_metadata::config:
# FIXME: Required by BaseIndexer class code, unused in this context though
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
diff --git a/data/deployments/staging/common.yaml b/data/deployments/staging/common.yaml
--- a/data/deployments/staging/common.yaml
+++ b/data/deployments/staging/common.yaml
@@ -390,4 +390,9 @@
swh::deploy::maven_index_exporter::url: maven-exporter.internal.staging.swh.network
swh::deploy::indexer_journal_client::origin_intrinsic_metadata::batch_size: 100
+swh::deploy::indexer_journal_client::content_mimetype::journal_authentication: false
+swh::deploy::indexer_journal_client::content_fossology_license::journal_authentication: false
+swh::deploy::indexer_journal_client::extrinsic_metadata::journal_authentication: false
+swh::deploy::indexer_journal_client::origin_intrinsic_metadata::journal_authentication: false
+
cassandra::default_cluster_name: archive_staging
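Review bot: The four `journal_authentication: false` overrides carry no explanation of why staging is exempt. With them, the staging indexer clients are rendered from `$config` alone, without the SASL credentials and `SASL_SSL` protocol that the manifest merges in when the flag is true. A one-line comment above them, e.g. `# journal authentication not enabled in staging yet: <reason / tracking task>`, would keep the exception from becoming permanent by accident.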
diff --git a/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp b/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp
--- a/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp
+++ b/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp
@@ -24,12 +24,35 @@
$sentry_environment = lookup("swh::deploy::indexer::sentry_environment", Optional[String], "first", undef)
$sentry_swh_package = lookup("swh::deploy::indexer::sentry_swh_package", Optional[String], "first", undef)
+ # Optional authentication
+ $journal_authentication = lookup("swh::deploy::indexer_journal_client::${instance_name}::journal_authentication")
+
+ if $journal_authentication {
+ $username = lookup('swh::deploy::indexer_journal_client::journal::username')
+ $password = lookup('swh::deploy::indexer_journal_client::journal::password')
+ # Integrate authentication configuration entries into the $config dict
+ $suffix_group_id = $config["journal"]["group_id"]
+ # Subtility about ACL which requires the group id to be prefixed by the username
+ $group_id = "${username}-${suffix_group_id}"
+ $full_config = deep_merge($config, {
+ "journal" => {
+ "group_id" => $group_id,
+ "sasl.mechanism" => "SCRAM-SHA-512",
+ "security.protocol" => "SASL_SSL",
+ "sasl.username" => $username,
+ "sasl.password" => $password,
+ },
+ })
+ } else {
+ $full_config = $config
+ }
+
file {$config_path:
ensure => present,
owner => "root",
group => $::profile::swh::deploy::base_indexer::group,
mode => "0640",
- content => inline_yaml($config),
+ content => inline_yaml($full_config),
notify => Service[$service_name],
require => File[$config_directory],
}
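Review bot: The `lookup()` for `journal_authentication` declares no value type, so a quoted `"false"` in hiera would be a non-empty string and take the authenticated branch; `lookup("swh::deploy::indexer_journal_client::${instance_name}::journal_authentication", Boolean)` would fail loudly instead. Now that `sasl.password` is merged into the rendered content, the `file` resource should also carry `show_diff => false` so a credential change is not printed in agent logs and reports. `$config["journal"]["group_id"]` is read without checking that the key exists; presumably every instance config defines it, but that is not visible here. The comment typo `Subtility` should read `Subtlety`. The enclosing definition starts and ends outside the hunk.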
