From e81fcf1c2099f70cc590cc6122ebd0a0d060217e Mon Sep 17 00:00:00 2001 From: Cocker Koch Date: Fri, 18 Jun 2021 01:08:59 +0200 Subject: [PATCH] - let api_basic_auth_password also be of Type Sensitive --- manifests/index.pp | 29 ++++++++++++++---------- manifests/init.pp | 2 +- manifests/license.pp | 30 ++++++++++++++---------- manifests/pipeline.pp | 29 ++++++++++++++---------- manifests/snapshot_repository.pp | 39 ++++++++++++++++++-------------- manifests/template.pp | 32 +++++++++++++++----------- 6 files changed, 94 insertions(+), 67 deletions(-) diff --git a/manifests/index.pp b/manifests/index.pp index 1f58ad59a..8eb1d3069 100644 --- a/manifests/index.pp +++ b/manifests/index.pp 
@@ -43,18 +43,23 @@ # @author Tyler Langlois # define elasticsearch::index ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Hash $settings = {}, - Boolean $validate_tls = $elasticsearch::validate_tls, + Enum['absent', 'present'] $ensure = 'present', + Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, + Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, + Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, + Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, + String $api_host = $elasticsearch::api_host, + Integer[0, 65535] $api_port = $elasticsearch::api_port, + Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, + Integer $api_timeout = $elasticsearch::api_timeout, + Hash $settings = {}, + Boolean $validate_tls = $elasticsearch::validate_tls, ) { + $api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive { + $api_basic_auth_password.unwrap + } else { + $api_basic_auth_password + } es_instance_conn_validator { "${name}-index-conn-validator": server => $api_host, @@ -69,7 +74,7 @@ port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, - password => $api_basic_auth_password, + password => $api_basic_auth_password_unsensitive, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls, 
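Review bot: Unwrapping the password into `$api_basic_auth_password_unsensitive` and handing that to `password =>` drops the Sensitive marking before the value reaches the resource, so a caller who passes `Sensitive[String]` gets no redaction from the agent for that attribute in logs or reports. Puppet accepts a Sensitive value on a resource attribute and records the attribute as sensitive, so passing it through unchanged, `password => $api_basic_auth_password,`, should keep that protection; this assumes the custom type behind the resource, whose declaration starts outside the second hunk, copes with it. The same unwrap-then-pass block is repeated in license.pp, pipeline.pp, snapshot_repository.pp and template.pp. If the unwrap has to stay, a comment above the assignment such as `# unwrapped for the es_* types: from here on the value is an ordinary String and is not redacted` would make the trade-off visible.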
diff --git a/manifests/init.pp b/manifests/init.pp index f10e181f8..c6e1b6386 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -325,7 +325,7 @@ # class elasticsearch ( Enum['absent', 'present'] $ensure, - Optional[String] $api_basic_auth_password, + Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password, Optional[String] $api_basic_auth_username, Optional[String] $api_ca_file, Optional[String] $api_ca_path, diff --git a/manifests/license.pp b/manifests/license.pp index 866b85775..1a032447f 100644 --- a/manifests/license.pp +++ b/manifests/license.pp 
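Review bot: The class-level type of `$api_basic_auth_password` now admits `Sensitive[String]`, but this hunk shows no matching update to the parameter documentation; the class header comment lies outside the hunk, so its current wording cannot be seen from here. It would help to say there that a wrapped value is accepted, for example `#   Password for HTTP basic auth; may be given as Sensitive[String].` The diffstat lists only the five API manifests besides init.pp, so any other consumer of `$elasticsearch::api_basic_auth_password` that expects a plain String would now receive a Sensitive object, which is worth checking before merge.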
@@ -42,18 +42,24 @@ # @author Tyler Langlois # class elasticsearch::license ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Variant[String, Hash] $content = $elasticsearch::license, - Boolean $validate_tls = $elasticsearch::validate_tls, + Enum['absent', 'present'] $ensure = 'present', + Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, + Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, + Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, + Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, + String $api_host = $elasticsearch::api_host, + Integer[0, 65535] $api_port = $elasticsearch::api_port, + Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, + Integer $api_timeout = $elasticsearch::api_timeout, + Variant[String, Hash] $content = $elasticsearch::license, + Boolean $validate_tls = $elasticsearch::validate_tls, ) { + $api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive { + $api_basic_auth_password.unwrap + } else { + $api_basic_auth_password + } + if $content =~ String { $_content = parsejson($content) } else { 
@@ -80,7 +86,7 @@ port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, - password => $api_basic_auth_password, + password => $api_basic_auth_password_unsensitive, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls, diff --git a/manifests/pipeline.pp b/manifests/pipeline.pp index 4571ba89d..655e003ea 100644 --- a/manifests/pipeline.pp +++ b/manifests/pipeline.pp 
@@ -45,18 +45,23 @@ # @author Tyler Langlois # define elasticsearch::pipeline ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Hash $content = {}, - Boolean $validate_tls = $elasticsearch::validate_tls, + Enum['absent', 'present'] $ensure = 'present', + Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, + Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, + Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, + Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, + String $api_host = $elasticsearch::api_host, + Integer[0, 65535] $api_port = $elasticsearch::api_port, + Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, + Integer $api_timeout = $elasticsearch::api_timeout, + Hash $content = {}, + Boolean $validate_tls = $elasticsearch::validate_tls, ) { + $api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive { + $api_basic_auth_password.unwrap + } else { + $api_basic_auth_password + } es_instance_conn_validator { "${name}-ingest-pipeline": server => $api_host, @@ -71,7 +76,7 @@ port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, - password => $api_basic_auth_password, + password => $api_basic_auth_password_unsensitive, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls, 
diff --git a/manifests/snapshot_repository.pp b/manifests/snapshot_repository.pp index 1906194ea..a246a7cc9 100644 --- a/manifests/snapshot_repository.pp +++ b/manifests/snapshot_repository.pp 
@@ -60,23 +60,28 @@ # @author Tyler Langlois # define elasticsearch::snapshot_repository ( - String $location, - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Boolean $compress = true, - Optional[String] $chunk_size = undef, - Optional[String] $max_restore_rate = undef, - Optional[String] $max_snapshot_rate = undef, - Optional[String] $repository_type = undef, - Boolean $validate_tls = $elasticsearch::validate_tls, + String $location, + Enum['absent', 'present'] $ensure = 'present', + Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, + Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, + Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, + Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, + String $api_host = $elasticsearch::api_host, + Integer[0, 65535] $api_port = $elasticsearch::api_port, + Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, + Integer $api_timeout = $elasticsearch::api_timeout, + Boolean $compress = true, + Optional[String] $chunk_size = undef, + Optional[String] $max_restore_rate = undef, + Optional[String] $max_snapshot_rate = undef, + Optional[String] $repository_type = undef, + Boolean $validate_tls = $elasticsearch::validate_tls, ) { + $api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive { + 
$api_basic_auth_password.unwrap + } else { + $api_basic_auth_password + } es_instance_conn_validator { "${name}-snapshot": server => $api_host, @@ -96,7 +101,7 @@ port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, - password => $api_basic_auth_password, + password => $api_basic_auth_password_unsensitive, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls, diff --git a/manifests/template.pp b/manifests/template.pp index 3f1e07232..ef615c685 100644 --- a/manifests/template.pp +++ b/manifests/template.pp 
@@ -53,19 +53,25 @@ # @author Tyler Langlois # define elasticsearch::template ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Optional[Variant[String, Hash]] $content = undef, - Optional[String] $source = undef, - Boolean $validate_tls = $elasticsearch::validate_tls, + Enum['absent', 'present'] $ensure = 'present', + Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, + Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, + Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, + Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, + String $api_host = $elasticsearch::api_host, + Integer[0, 65535] $api_port = $elasticsearch::api_port, + Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, + Integer $api_timeout = $elasticsearch::api_timeout, + Optional[Variant[String, Hash]] $content = undef, + Optional[String] $source = undef, + Boolean $validate_tls = $elasticsearch::validate_tls, ) { + $api_basic_auth_password_unsensitive = if $api_basic_auth_password =~ Sensitive { + $api_basic_auth_password.unwrap + } else { + $api_basic_auth_password + } + if $content =~ String { $_content = parsejson($content) } else { 
@@ -92,7 +98,7 @@ port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, - password => $api_basic_auth_password, + password => $api_basic_auth_password_unsensitive, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls,