From 16b06320cd3bb3121446717c05b6bc13ae2ff133 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 27 Jul 2011 18:41:27 +0200 Subject: init of trocla module --- Modulefile | 9 +++++++++ README | 4 ++++ lib/puppet/parser/functions/trocla.rb | 7 +++++++ lib/puppet/parser/functions/trocla_get.rb | 9 +++++++++ lib/puppet/util/trocla_helper.rb | 31 +++++++++++++++++++++++++++++++ manifests/config.pp | 8 ++++++++ manifests/master.pp | 17 +++++++++++++++++ manifests/master/ree.pp | 14 ++++++++++++++ metadata.json | 21 +++++++++++++++++++++ 9 files changed, 120 insertions(+) create mode 100644 Modulefile create mode 100644 README create mode 100644 lib/puppet/parser/functions/trocla.rb create mode 100644 lib/puppet/parser/functions/trocla_get.rb create mode 100644 lib/puppet/util/trocla_helper.rb create mode 100644 manifests/config.pp create mode 100644 manifests/master.pp create mode 100644 manifests/master/ree.pp create mode 100644 metadata.json diff --git a/Modulefile b/Modulefile new file mode 100644 index 0000000..379f8d8 --- /dev/null +++ b/Modulefile @@ -0,0 +1,9 @@ +name 'duritong-trocla' +version '0.0.1' + +author 'duritong' +license '' +project_page 'https://github.com/duritong/trocla' +source 'https://github.com/duritong/puppet-trocla' +summary '' +description 'Query/Use trocla (https://github.com/duritong/trocla) from puppet' diff --git a/README b/README new file mode 100644 index 0000000..89d397a --- /dev/null +++ b/README @@ -0,0 +1,4 @@ +trocla + +This is the trocla module. It provides the necessary function to query +trocla from puppet, as well as a puppet class to setup things on the puppetmaster. diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb new file mode 100644 index 0000000..9fa06bb --- /dev/null +++ b/lib/puppet/parser/functions/trocla.rb 
@@ -0,0 +1,7 @@ +module Puppet::Parser::Functions + newfunction(:trocla, :type => :rvalue) do |*args| + require File.dirname(__FILE__) + '/../../util/trocla_helper' + + Puppet::Util::TroclaHelper.trocla(:password,true,*args) + end +end \ No newline at end of file diff --git a/lib/puppet/parser/functions/trocla_get.rb b/lib/puppet/parser/functions/trocla_get.rb new file mode 100644 index 0000000..ed8eeab --- /dev/null +++ b/lib/puppet/parser/functions/trocla_get.rb @@ -0,0 +1,9 @@ +module Puppet::Parser::Functions + newfunction(:trocla_get, :type => :rvalue) do |*args| + require File.dirname(__FILE__) + '/../../util/trocla_helper' + if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,*args)).nil? + raise(Puppet::ParseError, "No password for key,format #{args.flatten.inspect} found!") + end + answer + end +end \ No newline at end of file diff --git a/lib/puppet/util/trocla_helper.rb b/lib/puppet/util/trocla_helper.rb new file mode 100644 index 0000000..8187d08 --- /dev/null +++ b/lib/puppet/util/trocla_helper.rb 
@@ -0,0 +1,31 @@ +module Puppet::Util::TroclaHelper + def trocla(trocla_func,has_options,*args) + # Functions called from puppet manifests that look like this: + # lookup("foo", "bar") + # internally in puppet are invoked: func(["foo", "bar"]) + # + # where as calling from templates should work like this: + # scope.function_lookup("foo", "bar") + # + # Therefore, declare this function with args '*args' to accept any number + # of arguments and deal with puppet's special calling mechanism now: + if args[0].is_a?(Array) + args = args[0] + end + + key = args[0] || raise(Puppet::ParseError, "You need to pass at least a key as an argument!") + format = args[1] || 'plain' + options = args[2] || {} + + configfile = File.join(File.dirname(Puppet.settings[:config]), "trocla.yaml") + + raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) + raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems? + + require 'rubygems' + require 'trocla' + + has_options ? Trocla.new(configfile).send(trocla_func, key, format, options) : Trocla.new(configfile).send(trocla_func, key, format) + end + module_function :trocla +end \ No newline at end of file diff --git a/manifests/config.pp b/manifests/config.pp new file mode 100644 index 0000000..3a4a356 --- /dev/null +++ b/manifests/config.pp @@ -0,0 +1,8 @@ +class trocla::config { + file{"${settings::confdir}/trocla.yaml": + source => [ "puppet:///modules/site-trocla/${fqdn}/trocla.yaml", + 'puppet:///modules/site-trocla/trocla.yaml' ], + require => Package['trocla'], + owner => root, group => puppet, mode => 0640; + } +} diff --git a/manifests/master.pp b/manifests/master.pp new file mode 100644 index 0000000..62c975e --- /dev/null +++ b/manifests/master.pp 
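Review bot: The config-file guard in `trocla` tests `File.exist?(configfile)` while its message says the file is not readable, so a file that exists but cannot be read by the compiling user passes the guard and presumably fails later inside `Trocla.new` with a less helpful error. Use `raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.readable?(configfile)` so the check matches the message. The trocla_set.rb function added later in this series copies the same guard. A short comment above the `send` call stating that `trocla_func` is only ever one of the internal symbols passed by the parser functions (`:password`, `:get_password`) would also help the next reader.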
@@ -0,0 +1,17 @@ +# Class: trocla::master +# +# This module manages the necessary things for trocla on a master. +# +# [Remember: No empty lines between comments and class definition] +class trocla::master { + + require rubygems::moneta + require rubygems::highline + + package{'trocla': + ensure => present, + provider => gem, + } + + include trocla::config +} diff --git a/manifests/master/ree.pp b/manifests/master/ree.pp new file mode 100644 index 0000000..92cc07b --- /dev/null +++ b/manifests/master/ree.pp @@ -0,0 +1,14 @@ +# Class: trocla::master::ree +# +# This module manages the necessary things for trocla on a master. +# +# [Remember: No empty lines between comments and class definition] +class trocla::master::ree { + + require ruby-enterprise::gems::moneta + require ruby-enterprise::gems::highline + + ruby-enterprise::gem{'trocla': } + + include trocla::config +} diff --git a/metadata.json b/metadata.json new file mode 100644 index 0000000..427a2e4 --- /dev/null +++ b/metadata.json @@ -0,0 +1,21 @@ +{ + "name": "duritong-trocla", + "author": "duritong", + "description": "Query/Use trocla (https://github.com/duritong/trocla) from puppet", + "license": "", + "project_page": "https://github.com/duritong/trocla", + "source": "https://github.com/duritong/puppet-trocla", + "summary": "", + "version": "0.0.1", + "checksums": { + "Modulefile": "431cf06775a63c7cffa657b0d0911efd", + "README": "d4025a6e12d37adb7b8317bc89a2f807", + "lib/puppet/parser/functions/trocla.rb": "9d9e2472b99079dcec1bcbb5e4e74db2", + "lib/puppet/parser/functions/trocla_get.rb": "2a140366c2506d93c9705ae3705942d2", + "lib/puppet/util/trocla_helper.rb": "7da306ce8fa229bdc6d0e37a50087a6a", + "manifests/config.pp": "2160ee7d4089d6c3d15379d2f9789242", + "manifests/master.pp": "938d8681cdc1f8fadc5c2dc63447ee64", + "manifests/master/ree.pp": "f48611c532170c9fb7f73017a8df1f6f" + }, + "dependencies": [] +} \ No newline at end of file -- cgit v1.2.3 
From d36c75a9597a1c31f448c530c17cebb72193306b Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 27 Jul 2011 19:12:55 +0200 Subject: make a better config deployment --- manifests/config.pp | 25 +++++++++++++++++++------ manifests/master.pp | 2 -- manifests/master/ree.pp | 2 -- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 3a4a356..78f5602 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,8 +1,21 @@ -class trocla::config { - file{"${settings::confdir}/trocla.yaml": - source => [ "puppet:///modules/site-trocla/${fqdn}/trocla.yaml", - 'puppet:///modules/site-trocla/trocla.yaml' ], - require => Package['trocla'], - owner => root, group => puppet, mode => 0640; +class trocla::config($ruby='system') { + if $trocla::default_config::ruby == 'system' or $trocla::default_config::ruby == 'both' { + require trocla::master + } + if $trocla::default_config::ruby == 'ree' or $trocla::default_config::ruby == 'both' { + require trocla::master::ree + } + + # deploy default config file and link it for trocla cli lookup + file{ + "${settings::confdir}/trocla.yaml": + content => "---\nadapter_options:\n :path: ${settings::confdir}/trocla_data.yaml\n", + owner => root, group => puppet, mode => 0640; + '/etc/trocla.yaml': + ensure => link, + target => "${settings::confdir}/trocla.yaml", + "${settings::confdir}/trocla_data.yaml": + ensure => present, + owner => puppet, group => 0, mode => 0600; } } diff --git a/manifests/master.pp b/manifests/master.pp index 62c975e..2748b73 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -12,6 +12,4 @@ class trocla::master { ensure => present, provider => gem, } - - include trocla::config } diff --git a/manifests/master/ree.pp b/manifests/master/ree.pp index 92cc07b..08d9a8e 100644 --- a/manifests/master/ree.pp +++ b/manifests/master/ree.pp 
@@ -9,6 +9,4 @@ class trocla::master::ree { require ruby-enterprise::gems::highline ruby-enterprise::gem{'trocla': } - - include trocla::config } -- cgit v1.2.3 From 6457e95758e5c7aff9e995ab49fd032e3cb80b79 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 27 Jul 2011 19:32:49 +0200 Subject: fix typo --- manifests/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/config.pp b/manifests/config.pp index 78f5602..eb8a8ed 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -13,7 +13,7 @@ class trocla::config($ruby='system') { owner => root, group => puppet, mode => 0640; '/etc/trocla.yaml': ensure => link, - target => "${settings::confdir}/trocla.yaml", + target => "${settings::confdir}/trocla.yaml"; "${settings::confdir}/trocla_data.yaml": ensure => present, owner => puppet, group => 0, mode => 0600; -- cgit v1.2.3 From 8ffd1eab30b4bed765457c73ea40b994bff38b7e Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 27 Jul 2011 19:45:54 +0200 Subject: bring config filename in line with what trocla uses --- lib/puppet/util/trocla_helper.rb | 4 ++-- manifests/config.pp | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/puppet/util/trocla_helper.rb b/lib/puppet/util/trocla_helper.rb index 8187d08..ea4edee 100644 --- a/lib/puppet/util/trocla_helper.rb +++ b/lib/puppet/util/trocla_helper.rb @@ -17,7 +17,7 @@ module Puppet::Util::TroclaHelper format = args[1] || 'plain' options = args[2] || {} - configfile = File.join(File.dirname(Puppet.settings[:config]), "trocla.yaml") + configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems? 
@@ -28,4 +28,4 @@ module Puppet::Util::TroclaHelper has_options ? Trocla.new(configfile).send(trocla_func, key, format, options) : Trocla.new(configfile).send(trocla_func, key, format) end module_function :trocla -end \ No newline at end of file +end diff --git a/manifests/config.pp b/manifests/config.pp index eb8a8ed..9ce8730 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -8,12 +8,12 @@ class trocla::config($ruby='system') { # deploy default config file and link it for trocla cli lookup file{ - "${settings::confdir}/trocla.yaml": + "${settings::confdir}/troclarc.yaml": content => "---\nadapter_options:\n :path: ${settings::confdir}/trocla_data.yaml\n", owner => root, group => puppet, mode => 0640; - '/etc/trocla.yaml': + '/etc/troclarc.yaml': ensure => link, - target => "${settings::confdir}/trocla.yaml"; + target => "${settings::confdir}/troclarc.yaml"; "${settings::confdir}/trocla_data.yaml": ensure => present, owner => puppet, group => 0, mode => 0600; -- cgit v1.2.3 From 7374cf944fbc1b52c438ce7e5345f94427ea876e Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 3 Aug 2011 17:25:54 +0200 Subject: fix variable lookup --- manifests/config.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 9ce8730..c53aef1 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,8 +1,8 @@ class trocla::config($ruby='system') { - if $trocla::default_config::ruby == 'system' or $trocla::default_config::ruby == 'both' { + if $trocla::config::ruby == 'system' or $trocla::config::ruby == 'both' { require trocla::master } - if $trocla::default_config::ruby == 'ree' or $trocla::default_config::ruby == 'both' { + if $trocla::config::ruby == 'ree' or $trocla::config::ruby == 'both' { require trocla::master::ree } -- cgit v1.2.3 From 20fdb3bcc7201bc86cfbddc269fe807a8e418963 Mon Sep 17 00:00:00 2001 
From: mh Date: Wed, 3 Aug 2011 19:25:06 +0200 Subject: update doc --- README | 5 ++++- lib/puppet/parser/functions/trocla.rb | 26 ++++++++++++++++++++++++-- lib/puppet/parser/functions/trocla_get.rb | 23 +++++++++++++++++++++-- 3 files changed, 49 insertions(+), 5 deletions(-) diff --git a/README b/README index 89d397a..f51c4de 100644 --- a/README +++ b/README @@ -1,4 +1,7 @@ trocla This is the trocla module. It provides the necessary function to query -trocla from puppet, as well as a puppet class to setup things on the puppetmaster. +trocla from puppet, as well as a puppet class to setup things on the +puppetmaster. + +For more information about trocla visit: https://github.com/duritong/trocla diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb index 9fa06bb..487d1fd 100644 --- a/lib/puppet/parser/functions/trocla.rb +++ b/lib/puppet/parser/functions/trocla.rb @@ -1,7 +1,29 @@ module Puppet::Parser::Functions - newfunction(:trocla, :type => :rvalue) do |*args| + newfunction(:trocla, :type => :rvalue, :doc => " +This will create or get a random password from the trocla storage. + +Usage: + + $password_user1 = trocla(key,[format='plain'[,options={}]]) + +Means: + + $password_user1 = trocla('user1') + +Create or get the plain text password for the key 'user1' + + $password_user2 = trocla('user2','mysql') + +Create or get the mysql style sha1 hashed password. + + $options_user3 = { 'username' => 'user3' } # Due to a puppet bug + # this needs to be assigned + # like that. + $password_user3 = trocla('user3','pgsql', $options_user3) + " + ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper' Puppet::Util::TroclaHelper.trocla(:password,true,*args) end -end \ No newline at end of file +end diff --git a/lib/puppet/parser/functions/trocla_get.rb b/lib/puppet/parser/functions/trocla_get.rb index ed8eeab..01c4e01 100644 --- a/lib/puppet/parser/functions/trocla_get.rb +++ b/lib/puppet/parser/functions/trocla_get.rb 
@@ -1,9 +1,28 @@ module Puppet::Parser::Functions - newfunction(:trocla_get, :type => :rvalue) do |*args| + newfunction(:trocla_get, :type => :rvalue, :doc => " + This will only get an already stored password from the trocla storage. + +Usage: + + $password_user1 = trocla_get(key,[format='plain']) + +Means: + + $password_user1 = trocla('user1') + +Get the plain text password for the key 'user1' + + $password_user2 = trocla_get('user2','mysql') + +Get the mysql style sha1 hashed password. + +It will raise a parse error if the password haven't yet been stored in trocla. +" + ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper' if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,*args)).nil? raise(Puppet::ParseError, "No password for key,format #{args.flatten.inspect} found!") end answer end -end \ No newline at end of file +end -- cgit v1.2.3 From 0b59b4e84c8d3d2244294e625f0b916709959e28 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 5 Aug 2011 15:24:44 +0200 Subject: introduce trocla_set - useful to migrate existing manifests --- lib/puppet/parser/functions/trocla_set.rb | 65 +++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 lib/puppet/parser/functions/trocla_set.rb diff --git a/lib/puppet/parser/functions/trocla_set.rb b/lib/puppet/parser/functions/trocla_set.rb new file mode 100644 index 0000000..5b6079a --- /dev/null +++ b/lib/puppet/parser/functions/trocla_set.rb 
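Review bot: The first example in the new `trocla_get` `:doc` string calls `trocla('user1')`, which the trocla() documentation describes as "create or get", so anyone copying it would generate and store a password where this function promises only a lookup. It should read `$password_user1 = trocla_get('user1')`. The closing sentence would read better as `It will raise a parse error if the password has not yet been stored in trocla.`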
@@ -0,0 +1,65 @@ +module Puppet::Parser::Functions + newfunction(:trocla_set, :type => :rvalue, :doc => " + This will set a password/hash in the local storage and return itself, + or hashed in another format, if the password is present in plaintext or + in that specific hash format. + + This function is mainly useful to migrate from hashes in manifests to trocla only manifests. + +Usage: + + $password_user1 = trocla_set(key,value,[format='plain',[return_format,[options={}]]]) + +Means: + + $password_user1 = trocla_set('user1','mysecret') + +Will set and return 'mysecret' as plain password. + + $password_user2 = trocla_set('user2','*AAA...','mysql') + +Will set and return the sha1 hashed mysql password for the key user2. + + $password_user3 = trocla_set('user3','mysecret','plain','sha512crypt') + +Will set 'mysecret' as plain password, but return a newly created sha512crypt hash. + + $postgres_user4 = { username => 'user4' } + $password_user4 = trocla_set('user4','mysecret','plain','pgsql',$postgres_user4) + +Will set the plain password 'mysecret' and return a pgsql md5 hash for user5. + + $password_user2 = trocla_set('user2','*AAA...','mysql','sha512crypt') + +This will likely fail, except if you add the plain password or the sha512crypt hash manually to +trocla, for example via cli. +" +) do |*args| + if args[0].is_a?(Array) + args = args[0] + end + + key = args[0] + value = args[1] + raise(Puppet::ParseError, "You need to pass at least key & value as an argument!") if key.nil? || value.nil? + + format = args[2] || 'plain' + return_format = args[3] || format + options = args[4] || {} + + configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") + + raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) + raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems? 
+ + require 'rubygems' + require 'trocla' + + result = (trocla=Trocla.new(configfile)).set_password(key,format,value) + if format != return_format && (result = trocla.get_password(key,return_format)).nil? + raise(Puppet::ParseError, "Plaintext password is not present, but required to return password in format #{return_format}") if (return_format == 'plain') || trocla.get_password(key,'plain').nil? + result = trocla.password(key,return_format,options) + end + result + end +end -- cgit v1.2.3 From abc6919245bca4c1965376fec4744df2329211a5 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 8 Aug 2011 00:22:23 +0200 Subject: wording --- lib/puppet/util/trocla_helper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/puppet/util/trocla_helper.rb b/lib/puppet/util/trocla_helper.rb index ea4edee..374d538 100644 --- a/lib/puppet/util/trocla_helper.rb +++ b/lib/puppet/util/trocla_helper.rb @@ -17,9 +17,9 @@ module Puppet::Util::TroclaHelper format = args[1] || 'plain' options = args[2] || {} - configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") + configfile = File.join(File.dirname(Puppet.settings[:config]), 'troclarc.yaml') - raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) + raise(Puppet::ParseError, "Trocla config file #{configfile} is not readable") unless File.exist?(configfile) raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems? require 'rubygems' -- cgit v1.2.3 From 64205c93a957bafdfb255a991844f2d7744f11b5 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 6 Sep 2011 15:02:51 +0200 Subject: as setting a hash first is a bit cumbersome, we provide the possibility to pass a yaml string --- lib/puppet/parser/functions/trocla.rb | 4 ++++ lib/puppet/util/trocla_helper.rb | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) 
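Review bot: The `:doc` string for `trocla_set` should say that the secret passed as `value` stays in the manifest, and therefore in version control, for as long as the call remains. Since the text presents the function as a migration aid, add a sentence such as `Replace the call with trocla() or trocla_get() once the value has been stored.` The block also re-implements the argument unpacking and the `troclarc.yaml` lookup from `Puppet::Util::TroclaHelper.trocla` instead of sharing them, so the two copies can drift apart. The description of the fourth example says `user5` where the code uses `user4`.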
diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb index 487d1fd..e042872 100644 --- a/lib/puppet/parser/functions/trocla.rb +++ b/lib/puppet/parser/functions/trocla.rb @@ -20,6 +20,10 @@ Create or get the mysql style sha1 hashed password. # this needs to be assigned # like that. $password_user3 = trocla('user3','pgsql', $options_user3) + +Options can also be passed as a yaml string: + + $password_user3 = trocla('user3','pgsql', \"username: 'user3'\") " ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper' diff --git a/lib/puppet/util/trocla_helper.rb b/lib/puppet/util/trocla_helper.rb index ea4edee..9a41c0e 100644 --- a/lib/puppet/util/trocla_helper.rb +++ b/lib/puppet/util/trocla_helper.rb @@ -16,7 +16,11 @@ module Puppet::Util::TroclaHelper key = args[0] || raise(Puppet::ParseError, "You need to pass at least a key as an argument!") format = args[1] || 'plain' options = args[2] || {} - + if options.is_a?(String) + require 'yaml' + options = YAML.load(options) + end + configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) -- cgit v1.2.3 From 2afdc26738eb78469e761b67ac4cb6152944cfc9 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 5 Jun 2012 16:16:47 +0200 Subject: new style for 2.7 --- manifests/master/ree.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/master/ree.pp b/manifests/master/ree.pp index 08d9a8e..ed981e0 100644 --- a/manifests/master/ree.pp +++ b/manifests/master/ree.pp @@ -5,8 +5,8 @@ # [Remember: No empty lines between comments and class definition] class trocla::master::ree { - require ruby-enterprise::gems::moneta - require ruby-enterprise::gems::highline + require ruby_enterprise::gems::moneta + require ruby_enterprise::gems::highline - ruby-enterprise::gem{'trocla': } + ruby_enterprise::gem{'trocla': } } -- cgit v1.2.3 
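Review bot: `options = YAML.load(options)` in trocla_helper.rb parses a caller-supplied string with the full YAML loader, which can instantiate arbitrary tagged objects on Ruby versions where `YAML.load` is not safe by default. The string need not be a literal; it may be built from facts or external data. Prefer `options = YAML.safe_load(options)` where the Ruby in use provides it. Follow it with a type check, since a scalar string parses to a non-Hash value: `raise(Puppet::ParseError, "trocla options must be a hash") unless options.is_a?(Hash)`. The enclosing `trocla` method starts and ends outside this hunk.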
From 69885ba60aed1e48b18424a93d4ccf2efc57b7f3 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 14 Jan 2013 23:02:47 +0100 Subject: adapt to new moneta version --- manifests/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/config.pp b/manifests/config.pp index c53aef1..a08d885 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -9,7 +9,7 @@ class trocla::config($ruby='system') { # deploy default config file and link it for trocla cli lookup file{ "${settings::confdir}/troclarc.yaml": - content => "---\nadapter_options:\n :path: ${settings::confdir}/trocla_data.yaml\n", + content => "---\nadapter_options:\n :file: ${settings::confdir}/trocla_data.yaml\n", owner => root, group => puppet, mode => 0640; '/etc/troclarc.yaml': ensure => link, -- cgit v1.2.3 From 27775313728aa85d8c127f7d37fccd97054fe965 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 14 Jan 2013 23:04:38 +0100 Subject: linting --- manifests/config.pp | 15 ++++++++++----- manifests/master.pp | 6 +++--- manifests/master/ree.pp | 2 +- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index a08d885..2c00684 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,3 +1,4 @@ +# deploy a trocla config class trocla::config($ruby='system') { if $trocla::config::ruby == 'system' or $trocla::config::ruby == 'both' { require trocla::master 
@@ -10,12 +11,16 @@ class trocla::config($ruby='system') { file{ "${settings::confdir}/troclarc.yaml": content => "---\nadapter_options:\n :file: ${settings::confdir}/trocla_data.yaml\n", - owner => root, group => puppet, mode => 0640; + owner => root, + group => puppet, + mode => '0640'; '/etc/troclarc.yaml': - ensure => link, - target => "${settings::confdir}/troclarc.yaml"; + ensure => link, + target => "${settings::confdir}/troclarc.yaml"; "${settings::confdir}/trocla_data.yaml": - ensure => present, - owner => puppet, group => 0, mode => 0600; + ensure => present, + owner => puppet, + group => 0, + mode => '0600'; } } diff --git a/manifests/master.pp b/manifests/master.pp index 2748b73..0123a56 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -7,9 +7,9 @@ class trocla::master { require rubygems::moneta require rubygems::highline - + package{'trocla': - ensure => present, - provider => gem, + ensure => present, + provider => gem, } } diff --git a/manifests/master/ree.pp b/manifests/master/ree.pp index ed981e0..c8d58f0 100644 --- a/manifests/master/ree.pp +++ b/manifests/master/ree.pp @@ -7,6 +7,6 @@ class trocla::master::ree { require ruby_enterprise::gems::moneta require ruby_enterprise::gems::highline - + ruby_enterprise::gem{'trocla': } } -- cgit v1.2.3 From 02bbc22223f53d979c1ab5724e26aa2ac4c22c7a Mon Sep 17 00:00:00 2001 
From: Michael Franz Aigner Date: Thu, 28 Feb 2013 08:17:37 -0500 Subject: Removing calls to Puppet.features.rubygems? This makes the Gem usable in the latest Puppet versions. The handling of RubyGems got revised in Puppet 3.0.1-rc1: http://projects.puppetlabs.com/issues/16757 The new policy is that either bundler and/or rubygems are guaranteed to be loaded and initialized when the Puppet manifest is evaluated, making it unnecessary for Puppet modules to load rubygems. This new policy broke the puppet-trocla module. This is because 'Puppet.features.rubygems?' always evaluates to false now, which causes the module to abort the manifest compilation with a message informing about the necessity of RubyGems to be present. --- lib/puppet/parser/functions/trocla_set.rb | 4 +--- lib/puppet/util/trocla_helper.rb | 2 -- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/puppet/parser/functions/trocla_set.rb b/lib/puppet/parser/functions/trocla_set.rb index 5b6079a..c3c9b49 100644 --- a/lib/puppet/parser/functions/trocla_set.rb +++ b/lib/puppet/parser/functions/trocla_set.rb @@ -50,9 +50,7 @@ trocla, for example via cli. configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) - raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems? - - require 'rubygems' + require 'trocla' result = (trocla=Trocla.new(configfile)).set_password(key,format,value) diff --git a/lib/puppet/util/trocla_helper.rb b/lib/puppet/util/trocla_helper.rb index 58ccf9c..64ef859 100644 --- a/lib/puppet/util/trocla_helper.rb +++ b/lib/puppet/util/trocla_helper.rb 
@@ -25,9 +25,7 @@ module Puppet::Util::TroclaHelper configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") raise(Puppet::ParseError, "Trocla config file #{configfile} is not readable") unless File.exist?(configfile) - raise(Puppet::ParseError, "You need rubygems to use Trocla") unless Puppet.features.rubygems? - require 'rubygems' require 'trocla' has_options ? Trocla.new(configfile).send(trocla_func, key, format, options) : Trocla.new(configfile).send(trocla_func, key, format) -- cgit v1.2.3 From fca65b8710668da4646e49cc91d7524f047ab116 Mon Sep 17 00:00:00 2001 From: Justice London Date: Fri, 12 Jul 2013 18:14:53 -0400 Subject: Release of 0.0.2 module which includes template base configuration for trocla CLI. --- Modulefile | 2 +- manifests/config.pp | 36 +++++++++++++++++++----------------- manifests/init.pp | 6 ++++++ manifests/master.pp | 14 +++++++++++--- metadata.json | 4 ++-- templates/troclarc.yaml.erb | 9 +++++++++ 6 files changed, 48 insertions(+), 23 deletions(-) create mode 100644 manifests/init.pp create mode 100644 templates/troclarc.yaml.erb diff --git a/Modulefile b/Modulefile index 379f8d8..792c689 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'duritong-trocla' -version '0.0.1' +version '0.0.2' author 'duritong' license '' diff --git a/manifests/config.pp b/manifests/config.pp index 2c00684..ebae2f1 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -1,26 +1,28 @@ -# deploy a trocla config -class trocla::config($ruby='system') { - if $trocla::config::ruby == 'system' or $trocla::config::ruby == 'both' { - require trocla::master - } - if $trocla::config::ruby == 'ree' or $trocla::config::ruby == 'both' { - require trocla::master::ree - } +#Installs configuration files for the trocla agent/CLI +# +#Options +# [*adapter*] Defines the adapter type to use for trocla agent. Generally YAML +# [*adapter_options*] This will contain a hash of the actual options to pass the +# trocla configuration. Generally you might pass the file option for key-file +# [*keysize*] Define the length of default passwords to create. 16 by default +class trocla::config ( + $adapter = undef, + $keysize = 16, + $adapter_options = { 'default' => '' }, +) { + require trocla::master - # deploy default config file and link it for trocla cli lookup +# Deploy default config file and link it for trocla cli lookup file{ "${settings::confdir}/troclarc.yaml": - content => "---\nadapter_options:\n :file: ${settings::confdir}/trocla_data.yaml\n", + ensure => present, + content => template('trocla/troclarc.yaml.erb'), owner => root, group => puppet, mode => '0640'; '/etc/troclarc.yaml': - ensure => link, - target => "${settings::confdir}/troclarc.yaml"; - "${settings::confdir}/trocla_data.yaml": - ensure => present, - owner => puppet, - group => 0, - mode => '0600'; + ensure => link, + target => "${settings::confdir}/troclarc.yaml"; } + } diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..cf5223e --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,6 @@ +#Main definition class for trocla. Just calls master +class trocla { + + include trocla::master + +} diff --git a/manifests/master.pp b/manifests/master.pp index 0123a56..5d5788f 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
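Review bot: This rewrite of `trocla::config` drops the `${settings::confdir}/trocla_data.yaml` resource (owner `puppet`, mode `'0600'`) and nothing visible in this commit replaces it. A file-backed password store would therefore be created with whatever mode the creating process's umask yields. Keep a `file` resource for the store path with `mode => '0600'` when a file adapter is configured, or state in the class comment that the caller must manage that file. The default `$adapter = undef` also leaves the template's `adapter: :<%= @adapter %>` line without a usable adapter name, so the parameter should either be mandatory or have a working default.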
@@ -5,10 +5,18 @@ # [Remember: No empty lines between comments and class definition] class trocla::master { - require rubygems::moneta - require rubygems::highline +# require rubygems::moneta +# require rubygems::highline - package{'trocla': + package { 'moneta': + ensure => present, + provider => gem, + } + package { 'highline': + ensure => present, + provider => gem, + } + package {'trocla': ensure => present, provider => gem, } diff --git a/metadata.json b/metadata.json index 427a2e4..dfb2a40 100644 --- a/metadata.json +++ b/metadata.json @@ -6,7 +6,7 @@ "project_page": "https://github.com/duritong/trocla", "source": "https://github.com/duritong/puppet-trocla", "summary": "", - "version": "0.0.1", + "version": "0.0.2", "checksums": { "Modulefile": "431cf06775a63c7cffa657b0d0911efd", "README": "d4025a6e12d37adb7b8317bc89a2f807", @@ -18,4 +18,4 @@ "manifests/master/ree.pp": "f48611c532170c9fb7f73017a8df1f6f" }, "dependencies": [] -} \ No newline at end of file +} diff --git a/templates/troclarc.yaml.erb b/templates/troclarc.yaml.erb new file mode 100644 index 0000000..3f473fe --- /dev/null +++ b/templates/troclarc.yaml.erb @@ -0,0 +1,9 @@ +--- +options: + random: true + length: <%= @keysize %> +adapter: :<%= @adapter %> +adapter_options: +<% @adapter_options.each do |key,value| -%> + :<%= key -%>: '<%= value -%>' +<% end -%> -- cgit v1.2.3 From 9fb3286e24548cb3a6a6722e57a005737246fb5a Mon Sep 17 00:00:00 2001 From: Justice London Date: Fri, 2 Aug 2013 15:56:32 -0400 Subject: Change to allow you to define to install rubygem requirements --- manifests/master.pp | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/manifests/master.pp b/manifests/master.pp index 5d5788f..64444b1 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
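Review bot: In troclarc.yaml.erb each adapter option is written as `:<%= key -%>: '<%= value -%>'` with no escaping. A value containing a single quote or a newline therefore yields invalid YAML or additional keys in the file that configures the password store. Build the structure in Ruby and emit it with `to_yaml`, or at least double embedded quotes with `value.to_s.gsub("'", "''")`. Quoting every value also turns numeric or boolean adapter settings into strings, which deserves a comment at the top of the template.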
@@ -3,21 +3,33 @@ # This module manages the necessary things for trocla on a master. # # [Remember: No empty lines between comments and class definition] -class trocla::master { +class trocla::master ( + $install_deps = false, + $use_rubygems = true, +) { -# require rubygems::moneta -# require rubygems::highline - - package { 'moneta': - ensure => present, - provider => gem, + #Select if the upstream rubygems modules should be required for install + if $use_rubygems { + require rubygems::moneta + require rubygems::highline } - package { 'highline': - ensure => present, - provider => gem, + + #Manually install requirements via gem + if $install_deps { + package { 'moneta': + ensure => present, + provider => gem, + } + package { 'highline': + ensure => present, + provider => gem, + } } + + #Main trocla install package {'trocla': ensure => present, provider => gem, } + } -- cgit v1.2.3 From f7ac3063564d4560f5a80ea45e84011b127b0b62 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Oct 2013 09:28:54 +0200 Subject: remove init class, this confused ppl and better readme follows --- manifests/init.pp | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 manifests/init.pp diff --git a/manifests/init.pp b/manifests/init.pp deleted file mode 100644 index cf5223e..0000000 --- a/manifests/init.pp +++ /dev/null @@ -1,6 +0,0 @@ -#Main definition class for trocla. Just calls master -class trocla { - - include trocla::master - -} -- cgit v1.2.3 From 9da000c6511e85e030e431b7d951d325c2c98681 Mon Sep 17 00:00:00 2001 
From: mh Date: Wed, 2 Oct 2013 10:28:01 +0200 Subject: Improve the overall experience of the module. - Extending the README - Add a trocla::yaml class for a simple quickstart. - Fixes issues: #4 & #5 --- Modulefile | 2 +- README | 7 ------- README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ manifests/config.pp | 26 +++++++++++++++++--------- manifests/dependencies.pp | 12 ++++++++++++ manifests/master.pp | 17 ++++++++--------- manifests/master/ree.pp | 3 ++- manifests/yaml.pp | 22 ++++++++++++++++++++++ templates/troclarc.yaml.erb | 8 +++++--- 9 files changed, 110 insertions(+), 30 deletions(-) delete mode 100644 README create mode 100644 README.md create mode 100644 manifests/dependencies.pp create mode 100644 manifests/yaml.pp diff --git a/Modulefile b/Modulefile index 792c689..b83e308 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'duritong-trocla' -version '0.0.2' +version '0.0.3' author 'duritong' license '' diff --git a/README b/README deleted file mode 100644 index f51c4de..0000000 --- a/README +++ /dev/null @@ -1,7 +0,0 @@ -trocla - -This is the trocla module. It provides the necessary function to query -trocla from puppet, as well as a puppet class to setup things on the -puppetmaster. - -For more information about trocla visit: https://github.com/duritong/trocla diff --git a/README.md b/README.md new file mode 100644 index 0000000..64dd756 --- /dev/null +++ b/README.md 
@@ -0,0 +1,43 @@ +# trocla + +This is the puppet module to manage a trocla installation on the puppet +master. It also, provides the necessary function to query trocla from puppet. + +To get a quick start you might be interested in using the `trocla::yaml` class +on your master. This will install trocla and setup it using the default YAML +storage backend for your master. There is no need to configure anything on the +clients if you do not want to use trocla on the clients itself. + +If you want to do your own very custom setup, you should look into the other +classes. + +## Other classes + +### trocla::config + +This is a class that manages a trocla configuration. You might use this +one if you do not use the default yaml setup. + +### trocla::master + +This class manages the installation of trocla itself. It will not configure +trocla, it will just install the necessary packages. + +### trocla::dependencies + +This class is used to install the necessary dependencies if you are not using +the rubygems module. See dependencies below for more information. + +## Dependencies + +By default this module requires the rubygems puppet module. If you want to +use trocla with ruby enterprise, you might be also interested in the +ruby_enterprise module. +If the dependencies should be managed internally, set: install_deps to `true`. + +You can also use this module with 0 dependencies by setting the option +use_rubygems to false. + +## Moar + +RTFC and for more information about trocla visit: https://github.com/duritong/trocla diff --git a/manifests/config.pp b/manifests/config.pp index ebae2f1..a3a6e01 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -1,18 +1,26 @@ #Installs configuration files for the trocla agent/CLI # #Options -# [*adapter*] Defines the adapter type to use for trocla agent. Generally YAML -# [*adapter_options*] This will contain a hash of the actual options to pass the -# trocla configuration. Generally you might pass the file option for key-file -# [*keysize*] Define the length of default passwords to create. 16 by default +# [*adapter*] Defines the adapter type to use for trocla agent. +# By default it's YAML +# [*adapter_options*] This will contain a hash of the adapter options to pass the +# trocla configuration. +# [*password_length*] Define the length of default passwords to create. 16 by default +# [*random_passwords*] Should trocla generate random passwords +# if none can be found. *true* by default. +# [*manage_dependencies*] Whether to manage the dependencies or not. Default *true* class trocla::config ( - $adapter = undef, - $keysize = 16, - $adapter_options = { 'default' => '' }, + $adapter = 'YAML', + $password_length = 16, + $random_passwords = true, + $adapter_options = {}, + $manage_dependencies = true, ) { - require trocla::master + if $manage_dependencies { + require trocla::master + } -# Deploy default config file and link it for trocla cli lookup + # Deploy default config file and link it for trocla cli lookup file{ "${settings::confdir}/troclarc.yaml": ensure => present, diff --git a/manifests/dependencies.pp b/manifests/dependencies.pp new file mode 100644 index 0000000..0b2bb73 --- /dev/null +++ b/manifests/dependencies.pp @@ -0,0 +1,12 @@ +class trocla::dependencies( + $provider = gem, +) { + package { 'moneta': + ensure => present, + provider => $provider, + } + package { 'highline': + ensure => present, + provider => $provider, + } +} diff --git a/manifests/master.pp b/manifests/master.pp index 64444b1..8bc5cd9 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
@@ -2,10 +2,14 @@ # # This module manages the necessary things for trocla on a master. # -# [Remember: No empty lines between comments and class definition] +# [*install_deps*]: Whether to directly install the necessary dependencies +# [*use_rubygems*]: Use the rubygems module to manage your dependencies +# [*provider*]: Which provider to use to install your dependencies, if you +# don't use the rubygems module class trocla::master ( $install_deps = false, $use_rubygems = true, + $provider = gem, ) { #Select if the upstream rubygems modules should be required for install @@ -16,20 +20,15 @@ class trocla::master ( #Manually install requirements via gem if $install_deps { - package { 'moneta': - ensure => present, - provider => gem, - } - package { 'highline': - ensure => present, - provider => gem, + class{'trocla::dependencies': + provider => $provider, } } #Main trocla install package {'trocla': ensure => present, - provider => gem, + provider => $provider, } } diff --git a/manifests/master/ree.pp b/manifests/master/ree.pp index c8d58f0..bf2c400 100644 --- a/manifests/master/ree.pp +++ b/manifests/master/ree.pp @@ -1,6 +1,7 @@ # Class: trocla::master::ree # -# This module manages the necessary things for trocla on a master. +# This module manages the necessary things for trocla on a master for +# RubyEnterprise installation. # # [Remember: No empty lines between comments and class definition] class trocla::master::ree { diff --git a/manifests/yaml.pp b/manifests/yaml.pp new file mode 100644 index 0000000..4650a5a --- /dev/null +++ b/manifests/yaml.pp 
@@ -0,0 +1,22 @@ +class trocla::yaml( + $password_length = 16 + $random_passwords = true, + $data_file = "{$settings::server_datadir}/trocla_data.yaml", +) { + + class{'trocla::config': + password_length => $password_length, + random_passwords => $random_passwords, + adapter => 'YAML', + adapter_options => { + file => $data_file, + }, + } + + file{$data_file: + ensure => file, + owner => puppet, + group => 0, + mode => 0600; + } +} diff --git a/templates/troclarc.yaml.erb b/templates/troclarc.yaml.erb index 3f473fe..d574cd9 100644 --- a/templates/troclarc.yaml.erb +++ b/templates/troclarc.yaml.erb @@ -1,9 +1,11 @@ --- options: - random: true - length: <%= @keysize %> + random: <%= @random_passwords %> + length: <%= @password_length %> adapter: :<%= @adapter %> +<% unless @adapter_options.empty? %> adapter_options: <% @adapter_options.each do |key,value| -%> - :<%= key -%>: '<%= value -%>' + :<%= key %>: '<%= value %>' +<% end -%> <% end -%> -- cgit v1.2.3 From db287f27fc099659ecb8f84a20259519321d6993 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Oct 2013 10:32:20 +0200 Subject: typo --- manifests/yaml.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/yaml.pp b/manifests/yaml.pp index 4650a5a..8b05135 100644 --- a/manifests/yaml.pp +++ b/manifests/yaml.pp @@ -1,5 +1,5 @@ class trocla::yaml( - $password_length = 16 + $password_length = 16, $random_passwords = true, $data_file = "{$settings::server_datadir}/trocla_data.yaml", ) { -- cgit v1.2.3 From 2446ca831ff1a8609333d820a920a37e842ac852 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Oct 2013 11:05:34 +0200 Subject: linting --- manifests/dependencies.pp | 3 +++ manifests/yaml.pp | 14 ++++++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/manifests/dependencies.pp b/manifests/dependencies.pp index 0b2bb73..9a4be15 100644 --- a/manifests/dependencies.pp +++ b/manifests/dependencies.pp 
@@ -1,3 +1,6 @@ +# manage trocla's dependencies +# +# [*provider*] How to install the dependencies. class trocla::dependencies( $provider = gem, ) { diff --git a/manifests/yaml.pp b/manifests/yaml.pp index 8b05135..dc20c2e 100644 --- a/manifests/yaml.pp +++ b/manifests/yaml.pp @@ -1,7 +1,17 @@ +# A class for an eady start with trocla. +# This will install and configure trocla with the +# default yaml storage. +# +# [*password_length*] The default length of new passwords: 16 +# [*random_passwords*] Whether trocla should generate random +# passwords or not. Default: true +# [*data_file*] Where to store the passwords. +# Default: {$settings::server_datadir}/trocla_data.yaml" +# This will likely be: /var/lib/puppet/server_data/trocla_data.yaml class trocla::yaml( $password_length = 16, $random_passwords = true, - $data_file = "{$settings::server_datadir}/trocla_data.yaml", + $data_file = "${settings::server_datadir}/trocla_data.yaml", ) { class{'trocla::config': @@ -17,6 +27,6 @@ class trocla::yaml( ensure => file, owner => puppet, group => 0, - mode => 0600; + mode => '0600'; } } -- cgit v1.2.3 From 3c6000621f04c314876a22b6908cbde24ae40f13 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 2 Oct 2013 11:32:55 +0200 Subject: add documentation of the existing functions --- README.md | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/README.md b/README.md index 64dd756..98668d5 100644 --- a/README.md +++ b/README.md 
@@ -11,6 +11,64 @@ clients if you do not want to use trocla on the clients itself. If you want to do your own very custom setup, you should look into the other classes. +## Functions + +### trocla + + +Usage: + + trocla(KEY, FORMAT, [optional options]) + +This is the main function you will use. This is similar to a + + trocla create foo FORMAT + +on the cli. This means, that *if* a password for this key and format +exists, it will return this one, otherwise will create one automatically +and return the generated password. So you might want to do something like: + + user{'foobar': + password => trocla('user_foobar','plain') + } + +If you want to pass down encrypted passwords, you might use: + + + user{'foobar': + password => trocla('user_foobar','sha512crypt') + } + +As descriped further in trocla's docs. + +The optional options, can be used to pass options to the format, like +overriding the default length for passwords that are being created: + + user{'foobar': + password => trocla('user_foobar','sha512crypt','length: 32') + } + +### trocla_get + +Usage: + + trocla_get(KEY, FORMAT) + +This will return the value of the passed key and format. If nothing is +found an error will be raised. This is interesting if you want do not +want to autogenerate a password and rather be sure that it's already +existing in trocla's database. + +### trocla_set + +Usage: + + trocla_set(KEY, FORMAT,PASSWORD) + +This will set the passed password for the key/format pair and return it +as well. This is mainly interesting if you want to migrate existing manifests +with plenty of passwords in it to trocla. + ## Other classes ### trocla::config -- cgit v1.2.3 From c50fe82a17de09757a7fda7b734c6d178331f324 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 17 Nov 2013 13:17:20 +0100 Subject: add .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..01d0a08 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1 @@ +pkg/ -- cgit v1.2.3 From 73859861b14a84293cfb2236b498c12a8357df86 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 13 Sep 2014 15:21:45 +0200 Subject: new release --- Modulefile | 9 --------- metadata.json | 25 +++++++++---------------- 2 files changed, 9 insertions(+), 25 deletions(-) delete mode 100644 Modulefile diff --git a/Modulefile b/Modulefile deleted file mode 100644 index b83e308..0000000 --- a/Modulefile +++ /dev/null @@ -1,9 +0,0 @@ -name 'duritong-trocla' -version '0.0.3' - -author 'duritong' -license '' -project_page 'https://github.com/duritong/trocla' -source 'https://github.com/duritong/puppet-trocla' -summary '' -description 'Query/Use trocla (https://github.com/duritong/trocla) from puppet' diff --git a/metadata.json b/metadata.json index dfb2a40..51b5c5e 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,21 +1,14 @@ { "name": "duritong-trocla", + "version": "0.0.4", "author": "duritong", - "description": "Query/Use trocla (https://github.com/duritong/trocla) from puppet", - "license": "", - "project_page": "https://github.com/duritong/trocla", + "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", + "license": "GPLv2", "source": "https://github.com/duritong/puppet-trocla", - "summary": "", - "version": "0.0.2", - "checksums": { - "Modulefile": "431cf06775a63c7cffa657b0d0911efd", - "README": "d4025a6e12d37adb7b8317bc89a2f807", - "lib/puppet/parser/functions/trocla.rb": "9d9e2472b99079dcec1bcbb5e4e74db2", - "lib/puppet/parser/functions/trocla_get.rb": "2a140366c2506d93c9705ae3705942d2", - "lib/puppet/util/trocla_helper.rb": "7da306ce8fa229bdc6d0e37a50087a6a", - "manifests/config.pp": "2160ee7d4089d6c3d15379d2f9789242", - "manifests/master.pp": "938d8681cdc1f8fadc5c2dc63447ee64", - "manifests/master/ree.pp": "f48611c532170c9fb7f73017a8df1f6f" - }, - "dependencies": [] + "project_page": "https://github.com/duritong/puppet-trocla", + "issues_url": "https://github.com/duritong/puppet-trocla/issues", + "description": "This modules allows you use trocla lookups as puppet functions.", + "dependencies": [ + + ] } -- cgit v1.2.3 From cc243b354e51a55b704469b92fb1f5a26555d663 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 24 Jan 2015 21:11:32 +0100 Subject: moneta dependencies require ruby-devel --- manifests/master.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/master.pp b/manifests/master.pp index 8bc5cd9..f78a11b 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -14,6 +14,7 @@ class trocla::master ( #Select if the upstream rubygems modules should be required for install if $use_rubygems { + require ruby::devel require rubygems::moneta require rubygems::highline } -- cgit v1.2.3 From f3e39b3a6a8680916219fad9815d5997b05d1feb Mon Sep 17 00:00:00 2001 
From: Michael Weiser Date: Mon, 16 Feb 2015 18:29:28 +0100 Subject: Fix dependency handling --- manifests/dependencies.pp | 6 +----- manifests/master.pp | 4 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/manifests/dependencies.pp b/manifests/dependencies.pp index 9a4be15..b033269 100644 --- a/manifests/dependencies.pp +++ b/manifests/dependencies.pp @@ -4,11 +4,7 @@ class trocla::dependencies( $provider = gem, ) { - package { 'moneta': - ensure => present, - provider => $provider, - } - package { 'highline': + package { [ 'moneta', 'highline', 'bcrypt' ]: ensure => present, provider => $provider, } diff --git a/manifests/master.pp b/manifests/master.pp index 8bc5cd9..f7bb32f 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -7,8 +7,8 @@ # [*provider*]: Which provider to use to install your dependencies, if you # don't use the rubygems module class trocla::master ( - $install_deps = false, - $use_rubygems = true, + $install_deps = true, + $use_rubygems = false, $provider = gem, ) { -- cgit v1.2.3 From 91d91c253b792b5a176159e083eb1a3f301a7e86 Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Sun, 1 Mar 2015 19:13:57 +0100 Subject: add support for encryption and ssl_options --- manifests/config.pp | 6 ++++++ templates/troclarc.yaml.erb | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/manifests/config.pp b/manifests/config.pp index a3a6e01..7b23a3e 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -5,6 +5,10 @@ # By default it's YAML # [*adapter_options*] This will contain a hash of the adapter options to pass the # trocla configuration. +# [*encryption*] Defines the encryption method for password stored in the backend. +# By default no encryption is used. +# [*ssl_options*] This will contain a hash of the ssl options to pass the +# trocla configuration. # [*password_length*] Define the length of default passwords to create. 16 by default # [*random_passwords*] Should trocla generate random passwords # if none can be found. *true* by default. @@ -14,6 +18,8 @@ class trocla::config ( $password_length = 16, $random_passwords = true, $adapter_options = {}, + $encryption = undef, + $ssl_options = {}, $manage_dependencies = true, ) { if $manage_dependencies { diff --git a/templates/troclarc.yaml.erb b/templates/troclarc.yaml.erb index d574cd9..7d4fa27 100644 --- a/templates/troclarc.yaml.erb +++ b/templates/troclarc.yaml.erb @@ -9,3 +9,12 @@ adapter_options: :<%= key %>: '<%= value %>' <% end -%> <% end -%> +<% if @encryption %> +encryption: :<%= @encryption %> +<% end -%> +<% unless @ssl_options.empty? %> +ssl_options: +<% @ssl_options.each do |key,value| -%> + :<%= key %>: '<%= value %>' +<% end -%> +<% end -%> -- cgit v1.2.3 From e26219692fb92258266eb569a5b234b1d940a9f0 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 21 Mar 2015 15:49:13 +0100 Subject: new version --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 51b5c5e..9541288 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "duritong-trocla", - "version": "0.0.4", + "version": "0.0.5", "author": "duritong", "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", "license": "GPLv2", -- cgit v1.2.3 From 9a3305ea0e30ad9d4fb4b1144c1b4d25955ca6b1 Mon Sep 17 00:00:00 2001 
From: mh Date: Sun, 5 Apr 2015 19:21:13 +0200 Subject: dependencies should either be managed by the package or gem --- README.md | 15 --------------- manifests/dependencies.pp | 11 ----------- manifests/master.pp | 22 ---------------------- 3 files changed, 48 deletions(-) delete mode 100644 manifests/dependencies.pp diff --git a/README.md b/README.md index 98668d5..b3dff56 100644 --- a/README.md +++ b/README.md @@ -81,21 +81,6 @@ one if you do not use the default yaml setup. This class manages the installation of trocla itself. It will not configure trocla, it will just install the necessary packages. -### trocla::dependencies - -This class is used to install the necessary dependencies if you are not using -the rubygems module. See dependencies below for more information. - -## Dependencies - -By default this module requires the rubygems puppet module. If you want to -use trocla with ruby enterprise, you might be also interested in the -ruby_enterprise module. -If the dependencies should be managed internally, set: install_deps to `true`. - -You can also use this module with 0 dependencies by setting the option -use_rubygems to false. - ## Moar RTFC and for more information about trocla visit: https://github.com/duritong/trocla diff --git a/manifests/dependencies.pp b/manifests/dependencies.pp deleted file mode 100644 index b033269..0000000 --- a/manifests/dependencies.pp +++ /dev/null @@ -1,11 +0,0 @@ -# manage trocla's dependencies -# -# [*provider*] How to install the dependencies. -class trocla::dependencies( - $provider = gem, -) { - package { [ 'moneta', 'highline', 'bcrypt' ]: - ensure => present, - provider => $provider, - } -} diff --git a/manifests/master.pp b/manifests/master.pp index 90c92b1..8ea324b 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
@@ -2,34 +2,12 @@ # # This module manages the necessary things for trocla on a master. # -# [*install_deps*]: Whether to directly install the necessary dependencies -# [*use_rubygems*]: Use the rubygems module to manage your dependencies -# [*provider*]: Which provider to use to install your dependencies, if you -# don't use the rubygems module class trocla::master ( - $install_deps = true, - $use_rubygems = false, $provider = gem, ) { - - #Select if the upstream rubygems modules should be required for install - if $use_rubygems { - require ruby::devel - require rubygems::moneta - require rubygems::highline - } - - #Manually install requirements via gem - if $install_deps { - class{'trocla::dependencies': - provider => $provider, - } - } - #Main trocla install package {'trocla': ensure => present, provider => $provider, } - } -- cgit v1.2.3 From bf49729c0e4b9c399afdf7a89051e549ab5c95bd Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Thu, 2 Apr 2015 15:04:54 +0200 Subject: sort encryption options --- templates/troclarc.yaml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/troclarc.yaml.erb b/templates/troclarc.yaml.erb index d574cd9..9f269bf 100644 --- a/templates/troclarc.yaml.erb +++ b/templates/troclarc.yaml.erb @@ -5,7 +5,7 @@ options: adapter: :<%= @adapter %> <% unless @adapter_options.empty? %> adapter_options: -<% @adapter_options.each do |key,value| -%> - :<%= key %>: '<%= value %>' +<% @adapter_options.keys.sort.each do |key| -%> + :<%= key %>: '<%= @adapter_options[key] %>' <% end -%> <% end -%> -- cgit v1.2.3 From 0341407287268d0a14ae410fa085d8036251164a Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Thu, 9 Apr 2015 10:52:09 +0200 Subject: sort ssl_options --- templates/troclarc.yaml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/troclarc.yaml.erb b/templates/troclarc.yaml.erb index ddadc3a..cd4da3d 100644 --- a/templates/troclarc.yaml.erb +++ b/templates/troclarc.yaml.erb 
@@ -14,7 +14,7 @@ encryption: :<%= @encryption %> <% end -%> <% unless @ssl_options.empty? %> ssl_options: -<% @ssl_options.each do |key,value| -%> - :<%= key %>: '<%= value %>' +<% @ssl_options.keys.sort.each do |key| -%> + :<%= key %>: '<%= @ssl_options[key] %>' <% end -%> <% end -%> -- cgit v1.2.3 From 79f6a09a47e2f4d42c6723a2b0600d97aa0f774a Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 24 May 2015 18:02:38 +0200 Subject: release new version due to wrong packaging --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 9541288..6dcba5b 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "duritong-trocla", - "version": "0.0.5", + "version": "0.0.6", "author": "duritong", "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", "license": "GPLv2", -- cgit v1.2.3 From 9d8061bc91b5953f402d6c91f0f9fd9d4f5689df Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 24 May 2015 18:09:05 +0200 Subject: release lated version --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 6dcba5b..e1e67ae 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "duritong-trocla", - "version": "0.0.6", + "version": "0.0.7", "author": "duritong", "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", "license": "GPLv2", -- cgit v1.2.3 From ae723cfc50707b79891bc2eac99d10d5b044d53e Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 24 May 2015 18:13:44 +0200 Subject: release lated version, which should have now fixed all the permissions --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index e1e67ae..af2d50b 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,6 +1,6 @@ { "name": "duritong-trocla", - "version": "0.0.7", + "version": "0.0.8", "author": "duritong", "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", "license": "GPLv2", -- cgit v1.2.3 From 0e320508328db93fc2ca8aa29eb1ed22e0f0f22a Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 12 Aug 2015 08:42:35 +0200 Subject: whitespace cleanup --- lib/puppet/parser/functions/trocla_set.rb | 10 +++++----- lib/puppet/util/trocla_helper.rb | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/puppet/parser/functions/trocla_set.rb b/lib/puppet/parser/functions/trocla_set.rb index c3c9b49..06da5ae 100644 --- a/lib/puppet/parser/functions/trocla_set.rb +++ b/lib/puppet/parser/functions/trocla_set.rb @@ -38,21 +38,21 @@ trocla, for example via cli. if args[0].is_a?(Array) args = args[0] end - + key = args[0] value = args[1] raise(Puppet::ParseError, "You need to pass at least key & value as an argument!") if key.nil? || value.nil? - + format = args[2] || 'plain' return_format = args[3] || format options = args[4] || {} - + configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") - + raise(Puppet::ParseError, "Trocla config file #{configfile} not readable") unless File.exist?(configfile) require 'trocla' - + result = (trocla=Trocla.new(configfile)).set_password(key,format,value) if format != return_format && (result = trocla.get_password(key,return_format)).nil? raise(Puppet::ParseError, "Plaintext password is not present, but required to return password in format #{return_format}") if (return_format == 'plain') || trocla.get_password(key,'plain').nil? diff --git a/lib/puppet/util/trocla_helper.rb b/lib/puppet/util/trocla_helper.rb index 64ef859..94670ae 100644 --- a/lib/puppet/util/trocla_helper.rb +++ b/lib/puppet/util/trocla_helper.rb 
@@ -16,7 +16,7 @@ module Puppet::Util::TroclaHelper key = args[0] || raise(Puppet::ParseError, "You need to pass at least a key as an argument!") format = args[1] || 'plain' options = args[2] || {} - + if options.is_a?(String) require 'yaml' options = YAML.load(options) @@ -27,7 +27,7 @@ module Puppet::Util::TroclaHelper raise(Puppet::ParseError, "Trocla config file #{configfile} is not readable") unless File.exist?(configfile) require 'trocla' - + has_options ? Trocla.new(configfile).send(trocla_func, key, format, options) : Trocla.new(configfile).send(trocla_func, key, format) end module_function :trocla -- cgit v1.2.3 From 402b98284242713fbb7b0173da8aa6eff87fa595 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 12 Aug 2015 08:48:24 +0200 Subject: Fix #14 - allow trocla_get not to raise an error if nothing is found Up to now we raised an error if nothing was found while using trocla_get. The main idea was to ensure that typos in the key/format are easily spotted and not overlooked as no password being returned usually indicates that something is wrong. As outlined in #14 there are use cases where it makes sense to not have this behavior. This change allows us to suppress the error raising and just return the puppet undef if nothing is found. --- lib/puppet/parser/functions/trocla_get.rb | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/puppet/parser/functions/trocla_get.rb b/lib/puppet/parser/functions/trocla_get.rb index 01c4e01..fb5cd5a 100644 --- a/lib/puppet/parser/functions/trocla_get.rb +++ b/lib/puppet/parser/functions/trocla_get.rb @@ -4,7 +4,7 @@ module Puppet::Parser::Functions Usage: - $password_user1 = trocla_get(key,[format='plain']) + $password_user1 = trocla_get(key,[format='plain'[,raise_error=true]]) Means: 
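Review bot: The context line `options = YAML.load(options)` in the first `trocla_helper.rb` hunk parses a string that arrives as a function argument from the manifest, and on Ruby versions where `YAML.load` is not the safe loader it will build arbitrary tagged objects from that string. This commit only touches whitespace, but the line is worth changing while here: `options = YAML.safe_load(options)` where the Ruby in use provides it, with symbols permitted only if callers rely on symbol keys (to be confirmed against how trocla reads the options hash). A check that the result is a Hash before it is passed on would also turn a malformed options string into a `Puppet::ParseError` instead of a failure inside trocla. The function body starts and ends outside both hunks.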
@@ -16,13 +16,23 @@ Get the plain text password for the key 'user1' Get the mysql style sha1 hashed password. -It will raise a parse error if the password haven't yet been stored in trocla. +By default puppet will raise a parse error if the password haven't yet been +stored in trocla. This can be turned off by setting false as a third argument: + + $password_user3 = trocla_get('user2','mysql',false) + +the return value will be undef if the key & format pair is not found. " ) do |*args| + if args[0].is_a?(Array) + args = args[0] + end require File.dirname(__FILE__) + '/../../util/trocla_helper' - if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,*args)).nil? - raise(Puppet::ParseError, "No password for key,format #{args.flatten.inspect} found!") + args[1] ||= 'plain' + raise_error = args[2].nil? ? true : args[2] + if (answer=Puppet::Util::TroclaHelper.trocla(:get_password,false,[args[0],args[1]])).nil? && raise_error + raise(Puppet::ParseError, "No password for key,format #{args[0..1].flatten.inspect} found!") end - answer + answer.nil? ? :undef : answer end end -- cgit v1.2.3 From 505d820e21c46bb578d796a91de1806d22b17549 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 18 Sep 2015 18:16:27 +0200 Subject: if the provider is not gem we should name the package correctly --- manifests/master.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index 8ea324b..ad47914 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -10,4 +10,10 @@ class trocla::master ( ensure => present, provider => $provider, } + + if $provider != 'gem' { + Package['trocla']{ + name => 'rubygem-trocla' + } + } } -- cgit v1.2.3 From 35290991d38202cd1bd3f52616a23d4e471b8343 Mon Sep 17 00:00:00 2001 
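Review bot: With the new third argument, `raise_error = args[2].nil? ? true : args[2]` treats every non-nil value other than `false` as true, so a manifest that passes the string `'false'` still gets the parse error; that fails safe, but it is undocumented. More important for callers, when the error is switched off the function returns `:undef`, and a resource such as `user { password => trocla_get(...) }` would then be applied with no password value instead of stopping the catalog. I would add a sentence to the doc string along the lines of `Callers that pass false must handle undef themselves, e.g. by failing or skipping the resource.` The `newfunction` call opens before this hunk.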
From: Michael Weiser Date: Thu, 1 Oct 2015 17:15:58 +0200 Subject: Add custom hiera backend for trocla Only reacts to key namespace trocla::password::. Looks up additional parameters via hiera itself as trocla::options::::format (string) and trocla::options::::options (hash). Looks for in trocla as hiera// with iterating over the configured hiera hierarchy. If not found, creates and returns a new password with trocla key . example entry in hiera.yaml: backends: - ... - trocla trocla: - configfile: /etc/puppet/troclarc.yaml - format: plain - options: length: 16 example usage in hiera yaml file: kerberos::kdc_database_password: "%{hiera('trocla::password::kdc_database_password')}" trocla::options::kdc_database_password::format: 'plain' trocla::options::kdc_database_password::options: length: '71' --- lib/hiera/backend/trocla_backend.rb | 114 ++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 lib/hiera/backend/trocla_backend.rb diff --git a/lib/hiera/backend/trocla_backend.rb b/lib/hiera/backend/trocla_backend.rb new file mode 100644 index 0000000..7689e02 --- /dev/null +++ b/lib/hiera/backend/trocla_backend.rb 
@@ -0,0 +1,114 @@ +# Custom hiera backend for trocla +# +# Only reacts to key namespace trocla::password::. Looks up +# additional parameters via hiera itself as +# trocla::options::::format (string) and +# trocla::options::::options (hash). Looks for in +# trocla as hiera// with iterating over the configured +# hiera hierarchy. If not found, creates and returns a new password with trocla +# key . +# +# example entry in hiera.yaml: +# backends: +# - ... +# - trocla +# trocla: +# - configfile: /etc/puppet/troclarc.yaml +# - format: plain +# - options: +# length: 16 +# +# example usage in hiera yaml file: +# kerberos::kdc_database_password: "%{hiera('trocla::password::kdc_database_password')}" +# trocla::options::kdc_database_password::format: 'plain' +# trocla::options::kdc_database_password::options: +# length: 71 +class Hiera + module Backend + class Trocla_backend + + def initialize + @trocla = nil + + Hiera.debug("Hiera Trocla backend starting") + require 'trocla' + + default_configfile = "/etc/puppet/troclarc.yaml" + default_default_format = "plain" + default_default_options = {} + + begin + configfile = Config[:trocla][:configfile] || default_configfile + rescue + configfile = default_configfile + end + + if not File.exist?(configfile) + Hiera.warn("Trocla config file #{configfile} is not readable") + return + end + + begin + @default_format = Config[:trocla][:format] || default_default_format + rescue + @default_format = default_default_format + end + + begin + @default_options = Config[:trocla][:options] || default_default_options + rescue + @default_options = default_default_options + end + + @trocla = Trocla.new(configfile) + end + + def lookup(key, scope, order_override, resolution_type) + return nil unless @trocla + + Hiera.debug("Looking up #{key} in trocla backend") + + password_namespace = 'trocla::password::' + options_namespace = 'trocla::options::' + + # we only accept trocla::password:: lookups because we do hiera lookups + # ourselves and could 
otherwise cause loops + return nil unless key.start_with?(password_namespace) + + # cut off trocla hiera namespace: trocla::password::root -> root + trocla_key = key[password_namespace.length, + key.length - password_namespace.length] + Hiera.debug("Looking for key #{trocla_key} in trocla") + + # HERE BE DRAGONS: hiera lookups from backend to determine additional + # trocla options for this password + format = Backend.lookup(options_namespace + trocla_key + '::format', + @default_format, scope, nil, :priority) + + answer = nil + # Go looking for existing password as hiera//. + # Would need to be initialised externally, e.g by calling + # trocla('hiera/osfamily/Debian/jessie/root' in site.pp. Alternatively + # we could use hiera's concept of datafiles to look into different + # trocla password stores. But this would need somehow providing + # different troclarcs as well. + sources = Backend.datasources(scope, order_override) do |source| + Hiera.debug("Looking for data source #{source}") + break if answer = @trocla.send(:get_password, + 'hiera/' + source + '/' + trocla_key, + format) + end + + if not answer + # create a new password + options = Backend.lookup(options_namespace + trocla_key + '::options', + @default_options, scope, nil, :hash) + answer = @trocla.send(:password, trocla_key, format, options) + end + + return answer + end + + end + end +end -- cgit v1.2.3 From cbd411b919cf7e75966ad13ffc5e654b51c8d207 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 18 Oct 2015 18:18:14 +0200 Subject: cleanup and simplifaction * refactoring code for simplicity and easier maintenance. * prefix the format and options config with default_ to better represent their intention. --- lib/hiera/backend/trocla_backend.rb | 82 +++++++++++++++---------------------- 1 file changed, 32 insertions(+), 50 deletions(-) diff --git a/lib/hiera/backend/trocla_backend.rb b/lib/hiera/backend/trocla_backend.rb index 7689e02..cf911c5 100644 --- a/lib/hiera/backend/trocla_backend.rb 
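Review bot: When the config file is missing, `initialize` only logs a warning and `lookup` then answers every key with nil through `return nil unless @trocla`, so a broken trocla setup is indistinguishable from "key not found". For keys under `trocla::password::` that means Hiera moves on to the next backend or to the caller's default, and a secret may silently be replaced by whatever that yields. Failing loudly for that namespace would be safer: do the namespace check first, then `raise "trocla backend is not initialised" unless @trocla`. The warning text also says "not readable" while the test is `File.exist?`.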
+++ b/lib/hiera/backend/trocla_backend.rb @@ -5,17 +5,17 @@ # trocla::options::::format (string) and # trocla::options::::options (hash). Looks for in # trocla as hiera// with iterating over the configured -# hiera hierarchy. If not found, creates and returns a new password with trocla -# key . +# hiera hierarchy. If not found, makes a normal trocla lookup with +# that might create a new password on the first run. # # example entry in hiera.yaml: # backends: # - ... # - trocla # trocla: -# - configfile: /etc/puppet/troclarc.yaml -# - format: plain -# - options: +# configfile: /etc/puppet/troclarc.yaml +# default_format: plain +# default_options: # length: 16 # # example usage in hiera yaml file: 
@@ -26,64 +26,36 @@ class Hiera module Backend class Trocla_backend - + attr_accessor :trocla def initialize - @trocla = nil - Hiera.debug("Hiera Trocla backend starting") require 'trocla' - - default_configfile = "/etc/puppet/troclarc.yaml" - default_default_format = "plain" - default_default_options = {} - - begin - configfile = Config[:trocla][:configfile] || default_configfile - rescue - configfile = default_configfile - end - - if not File.exist?(configfile) + unless File.readable?(configfile) Hiera.warn("Trocla config file #{configfile} is not readable") return end - begin - @default_format = Config[:trocla][:format] || default_default_format - rescue - @default_format = default_default_format - end - - begin - @default_options = Config[:trocla][:options] || default_default_options - rescue - @default_options = default_default_options - end - - @trocla = Trocla.new(configfile) + @trocla = Trocla.new(config[:configfile]) end def lookup(key, scope, order_override, resolution_type) - return nil unless @trocla + return nil unless trocla Hiera.debug("Looking up #{key} in trocla backend") - password_namespace = 'trocla::password::' - options_namespace = 'trocla::options::' # we only accept trocla::password:: lookups because we do hiera lookups # ourselves and could otherwise cause loops - return nil unless key.start_with?(password_namespace) + return nil unless key.start_with?(config[:password_namespace]) # cut off trocla hiera namespace: trocla::password::root -> root - trocla_key = key[password_namespace.length, - key.length - password_namespace.length] + trocla_key = key.sub(/^#{config[:password_namespace]}/,'') Hiera.debug("Looking for key #{trocla_key} in trocla") # HERE BE DRAGONS: hiera lookups from backend to determine additional # trocla options for this password - format = Backend.lookup(options_namespace + trocla_key + '::format', - @default_format, scope, nil, :priority) + format = Backend.lookup(config[:options_namespace] + trocla_key + '::format', + 
config[:default_format], scope, nil, :priority) answer = nil # Go looking for existing password as hiera//. @@ -92,23 +64,33 @@ class Hiera # we could use hiera's concept of datafiles to look into different # trocla password stores. But this would need somehow providing # different troclarcs as well. - sources = Backend.datasources(scope, order_override) do |source| + Backend.datasources(scope, order_override) do |source| Hiera.debug("Looking for data source #{source}") - break if answer = @trocla.send(:get_password, - 'hiera/' + source + '/' + trocla_key, - format) + break if answer = trocla.get_password( + 'hiera/' + source + '/' + trocla_key, + format) end - if not answer - # create a new password - options = Backend.lookup(options_namespace + trocla_key + '::options', - @default_options, scope, nil, :hash) - answer = @trocla.send(:password, trocla_key, format, options) + unless answer + # lookup and maybe create a new password + options = Backend.lookup(config[:options_namespace] + trocla_key + '::options', + config[:default_options], scope, nil, :hash) + answer = trocla.password(trocla_key, format, options) end return answer end + private + def config + @config ||= { + :configfile => '/etc/puppet/troclarc.yaml', + :default_format => 'plain', + :default_options => {}, + :password_namespace => 'trocla::password::', + :options_namespace => 'trocla::options::', + }.merge(Config[:trocla] || {}) + end end end end -- cgit v1.2.3 From 8729dfcf6ca273cd9bbb3e73454f5737d5c7f5d7 Mon Sep 17 00:00:00 2001 From: Michael Weiser Date: Tue, 20 Oct 2015 18:31:10 +0200 Subject: Fix configfile error in hiera backend Get path to configuration file from config hash to avoid undefined variable error. --- lib/hiera/backend/trocla_backend.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/hiera/backend/trocla_backend.rb b/lib/hiera/backend/trocla_backend.rb index cf911c5..db342e9 100644 --- a/lib/hiera/backend/trocla_backend.rb 
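Review bot: `key.sub(/^#{config[:password_namespace]}/,'')` interpolates a configurable string into a regex without escaping it, and anchors with `^`, which matches at any line start rather than only at the start of the string. The default `trocla::password::` contains no metacharacters, but `password_namespace` can now be overridden through `Config[:trocla]`, and a value containing `.` or `(` would strip something other than what `start_with?` just checked. Either keep a plain slice, `key[config[:password_namespace].length..-1]`, or write `key.sub(/\A#{Regexp.escape(config[:password_namespace])}/, '')`.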
+++ b/lib/hiera/backend/trocla_backend.rb @@ -30,8 +30,8 @@ class Hiera def initialize Hiera.debug("Hiera Trocla backend starting") require 'trocla' - unless File.readable?(configfile) - Hiera.warn("Trocla config file #{configfile} is not readable") + unless File.readable?(config[:configfile]) + Hiera.warn("Trocla config file #{config[:configfile]} is not readable") return end -- cgit v1.2.3 From 572fd99995e50591f3e774582937c28eb337aa00 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Dec 2015 11:51:17 +0100 Subject: Fix #17 - point to @ZeroPointEnergy's hiera-backend --- README.md | 4 ++ lib/hiera/backend/trocla_backend.rb | 96 ------------------------------------- 2 files changed, 4 insertions(+), 96 deletions(-) delete mode 100644 lib/hiera/backend/trocla_backend.rb diff --git a/README.md b/README.md index b3dff56..551de54 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,10 @@ one if you do not use the default yaml setup. This class manages the installation of trocla itself. It will not configure trocla, it will just install the necessary packages. +## Hiera backend + +Trocla can also be integrated into [Hiera](https://docs.puppetlabs.com/hiera/) by using ZeroPointEnergy's [hiera-backend](https://github.com/ZeroPointEnergy/hiera-backend-trocla). + ## Moar RTFC and for more information about trocla visit: https://github.com/duritong/trocla diff --git a/lib/hiera/backend/trocla_backend.rb b/lib/hiera/backend/trocla_backend.rb deleted file mode 100644 index db342e9..0000000 --- a/lib/hiera/backend/trocla_backend.rb +++ /dev/null 
@@ -1,96 +0,0 @@ -# Custom hiera backend for trocla -# -# Only reacts to key namespace trocla::password::. Looks up -# additional parameters via hiera itself as -# trocla::options::::format (string) and -# trocla::options::::options (hash). Looks for in -# trocla as hiera// with iterating over the configured -# hiera hierarchy. If not found, makes a normal trocla lookup with -# that might create a new password on the first run. -# -# example entry in hiera.yaml: -# backends: -# - ... -# - trocla -# trocla: -# configfile: /etc/puppet/troclarc.yaml -# default_format: plain -# default_options: -# length: 16 -# -# example usage in hiera yaml file: -# kerberos::kdc_database_password: "%{hiera('trocla::password::kdc_database_password')}" -# trocla::options::kdc_database_password::format: 'plain' -# trocla::options::kdc_database_password::options: -# length: 71 -class Hiera - module Backend - class Trocla_backend - attr_accessor :trocla - def initialize - Hiera.debug("Hiera Trocla backend starting") - require 'trocla' - unless File.readable?(config[:configfile]) - Hiera.warn("Trocla config file #{config[:configfile]} is not readable") - return - end - - @trocla = Trocla.new(config[:configfile]) - end - - def lookup(key, scope, order_override, resolution_type) - return nil unless trocla - - Hiera.debug("Looking up #{key} in trocla backend") - - - # we only accept trocla::password:: lookups because we do hiera lookups - # ourselves and could otherwise cause loops - return nil unless key.start_with?(config[:password_namespace]) - - # cut off trocla hiera namespace: trocla::password::root -> root - trocla_key = key.sub(/^#{config[:password_namespace]}/,'') - Hiera.debug("Looking for key #{trocla_key} in trocla") - - # HERE BE DRAGONS: hiera lookups from backend to determine additional - # trocla options for this password - format = Backend.lookup(config[:options_namespace] + trocla_key + '::format', - config[:default_format], scope, nil, :priority) - - answer = nil - # Go 
looking for existing password as hiera//. - # Would need to be initialised externally, e.g by calling - # trocla('hiera/osfamily/Debian/jessie/root' in site.pp. Alternatively - # we could use hiera's concept of datafiles to look into different - # trocla password stores. But this would need somehow providing - # different troclarcs as well. - Backend.datasources(scope, order_override) do |source| - Hiera.debug("Looking for data source #{source}") - break if answer = trocla.get_password( - 'hiera/' + source + '/' + trocla_key, - format) - end - - unless answer - # lookup and maybe create a new password - options = Backend.lookup(config[:options_namespace] + trocla_key + '::options', - config[:default_options], scope, nil, :hash) - answer = trocla.password(trocla_key, format, options) - end - - return answer - end - - private - def config - @config ||= { - :configfile => '/etc/puppet/troclarc.yaml', - :default_format => 'plain', - :default_options => {}, - :password_namespace => 'trocla::password::', - :options_namespace => 'trocla::options::', - }.merge(Config[:trocla] || {}) - end - end - end -end -- cgit v1.2.3 From 8ca75f6d074b83ee48d9ce713cdb3e28e57d2cf8 Mon Sep 17 00:00:00 2001 
From: mh Date: Thu, 28 Jan 2016 00:55:26 +0100 Subject: update module to make it work with all the new features of trocla 0.2.2 --- .gitignore | 5 +- .travis.yml | 15 +++++ Gemfile | 23 ++++++++ README.md | 6 ++ Rakefile | 23 ++++++++ manifests/ca/params.pp | 11 ++++ manifests/config.pp | 63 +++++++++++++-------- manifests/master.pp | 13 +++-- manifests/master/hiera.pp | 6 ++ manifests/master/ree.pp | 13 ----- manifests/params.pp | 6 ++ manifests/yaml.pp | 22 +++----- metadata.json | 4 +- spec/classes/ca_params_spec.rb | 8 +++ spec/classes/config_spec.rb | 114 ++++++++++++++++++++++++++++++++++++++ spec/classes/master_hiera_spec.rb | 11 ++++ spec/classes/master_spec.rb | 52 +++++++++++++++++ spec/classes/params_spec.pp | 8 +++ spec/classes/yaml_spec.rb | 39 +++++++++++++ spec/spec_helper.rb | 13 +++++ templates/troclarc.yaml.erb | 62 ++++++++++++++------- 21 files changed, 442 insertions(+), 75 deletions(-) create mode 100644 .travis.yml create mode 100644 Gemfile create mode 100644 Rakefile create mode 100644 manifests/ca/params.pp create mode 100644 manifests/master/hiera.pp delete mode 100644 manifests/master/ree.pp create mode 100644 manifests/params.pp create mode 100644 spec/classes/ca_params_spec.rb create mode 100644 spec/classes/config_spec.rb create mode 100644 spec/classes/master_hiera_spec.rb create mode 100644 spec/classes/master_spec.rb create mode 100644 spec/classes/params_spec.pp create mode 100644 spec/classes/yaml_spec.rb create mode 100644 spec/spec_helper.rb diff --git a/.gitignore b/.gitignore index 01d0a08..493131d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ -pkg/ +spec/fixtures +.librarian +.tmp +*.lock diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..c85bde4 --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,15 @@ +rvm: + - 1.8.7 + - 1.9.3 + - 2.0.0 +script: 'bundle exec rake spec' +env: + - PUPPET_VERSION=3.8.4 +matrix: + exclude: + # No support for Ruby 2.0 before Puppet 3.2 + - rvm: 2.0.0 + env: PUPPET_VERSION=3.0.0 + - rvm: 2.0.0 + env: PUPPET_VERSION=3.1.0 + diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..71032cf --- /dev/null +++ b/Gemfile @@ -0,0 +1,23 @@ +source 'https://rubygems.org' + +if ENV.key?('PUPPET_VERSION') + puppetversion = "~> #{ENV['PUPPET_VERSION']}" +else + puppetversion = ['>= 3.8.4'] +end + +if RUBY_VERSION == '1.8.7' + puppetversion = ['~> 3.8.4'] + gem 'i18n', '~> 0.6.11' + gem 'activesupport', '~> 3.2' + gem 'highline', '~> 1.6.21' + gem 'librarian-puppet', '~> 1.0.0' + gem 'rspec', '~> 3.1.0' +else + gem 'librarian-puppet' +end + +gem 'puppet', puppetversion +gem 'puppet-lint' +gem 'puppetlabs_spec_helper' +gem 'rake' diff --git a/README.md b/README.md index 551de54..8874f63 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,10 @@ clients if you do not want to use trocla on the clients itself. If you want to do your own very custom setup, you should look into the other classes. +## Compatibility + +* Version 0.2.2 of this module is for version 0.2.2 of trocla. + ## Functions ### trocla @@ -85,6 +89,8 @@ trocla, it will just install the necessary packages. Trocla can also be integrated into [Hiera](https://docs.puppetlabs.com/hiera/) by using ZeroPointEnergy's [hiera-backend](https://github.com/ZeroPointEnergy/hiera-backend-trocla). +Simply `include trocla::master::hiera` to make that backend available. + ## Moar RTFC and for more information about trocla visit: https://github.com/duritong/trocla diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..e5103dd --- /dev/null +++ b/Rakefile 
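Review bot: Most gems in this Gemfile are unpinned (`gem 'puppet-lint'`, `gem 'puppetlabs_spec_helper'`, `gem 'rake'`, and `gem 'librarian-puppet'` in the else branch), and the same commit adds `*.lock` to `.gitignore`, so no Gemfile.lock is kept either. Every CI run therefore resolves whatever versions rubygems.org serves that day, which makes builds non-reproducible and leaves the test toolchain exposed to a bad or hijacked release. For a module that handles secrets I would at least put pessimistic constraints on these, e.g. `gem 'puppet-lint', '~> MAJOR.MINOR'`, filled in with the versions the specs are known to pass on.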
@@ -0,0 +1,23 @@ +require 'bundler' +Bundler.require(:rake) + +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' + +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] +PuppetLint.configuration.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' +PuppetLint.configuration.send("disable_class_inherits_from_params_class") + +# use librarian-puppet to manage fixtures instead of .fixtures.yml +# offers more possibilities like explicit version management, forge downloads,... +task :librarian_spec_prep do + sh "librarian-puppet install --path=spec/fixtures/modules/" + pwd = `pwd`.strip + unless File.directory?("#{pwd}/spec/fixtures/modules/trocla") + sh "ln -s #{pwd} #{pwd}/spec/fixtures/modules/trocla" + end +end +task :spec_prep => :librarian_spec_prep + + +task :default => [:spec, :lint] diff --git a/manifests/ca/params.pp b/manifests/ca/params.pp new file mode 100644 index 0000000..bb61248 --- /dev/null +++ b/manifests/ca/params.pp @@ -0,0 +1,11 @@ +# input for a ca from trocla, so that you need only +# +# trocla('some_ca','x509',$trocla::ca::params::ca_options) +class trocla::ca::params( + $trocla_options = { + 'profiles' => ['sysdomain_nc','x509long'], + 'CN' => "automated-ca ${name} for ${::domain}", + }, +) { + $ca_options = merge($trocla_options,{ become_ca => true, render => { certonly => true }}) +} diff --git a/manifests/config.pp b/manifests/config.pp index 7b23a3e..8c52db7 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
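Review bot: The `librarian_spec_prep` task builds its shell commands by string interpolation, `sh "ln -s #{pwd} #{pwd}/spec/fixtures/modules/trocla"`, with `pwd` taken from a backtick call, so a checkout path containing a space or a shell metacharacter breaks the command or is interpreted by the shell. Use `Dir.pwd` and the list form of `sh`, which bypasses the shell: `sh 'ln', '-s', pwd, File.join(pwd, 'spec/fixtures/modules/trocla')`. A comment on the task saying that it symlinks the module into its own fixtures directory would also help the next reader.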
@@ -1,35 +1,55 @@ #Installs configuration files for the trocla agent/CLI # #Options -# [*adapter*] Defines the adapter type to use for trocla agent. -# By default it's YAML -# [*adapter_options*] This will contain a hash of the adapter options to pass the -# trocla configuration. -# [*encryption*] Defines the encryption method for password stored in the backend. -# By default no encryption is used. -# [*ssl_options*] This will contain a hash of the ssl options to pass the -# trocla configuration. -# [*password_length*] Define the length of default passwords to create. 16 by default -# [*random_passwords*] Should trocla generate random passwords -# if none can be found. *true* by default. -# [*manage_dependencies*] Whether to manage the dependencies or not. Default *true* +# [*options*] Options for trocla. Default: empty hash. +# [*profiles*] Profiles for trocla. Default: empty hash. +# [*x509_profile_domain_constraint*] +# A profile for x509 name constraint that matches +# the own domain by default. +# This will add a profile for x509 certs with the +# option 'name_constraints' set to this array of +# domains. +# [*store*] Defines the store to be used for trocla. By default +# it's not set, meaning trocla's default (moneta) will +# be used. +# [*store_options*] This will contain a hash of the options to pass the +# trocla store configuration. +# [*encryption*] Defines the encryption method for password stored in +# the backend. By default it's not set, meaning trocla's +# default (none) will be used. +# [*encryption_options*] This will contain a hash of the options for the +# encryption. Default: empty Hash +# [*manage_dependencies*] Whether to manage the dependencies or not. 
+# Default *true* class trocla::config ( - $adapter = 'YAML', - $password_length = 16, - $random_passwords = true, - $adapter_options = {}, - $encryption = undef, - $ssl_options = {}, - $manage_dependencies = true, + $options = {}, + $profiles = {}, + $x509_profile_domain_constraints = [$::domain], + $store = undef, + $store_options = {}, + $encryption = undef, + $encryption_options = {}, + $manage_dependencies = true, ) { + include ::trocla::params if $manage_dependencies { - require trocla::master + require ::trocla::master + } + + if empty($x509_profile_domain_constraints) { + $merged_profiles = $profiles + } else { + $default_profiles = { + "${trocla::params::sysdomain_profile_name}" => { + name_constraints => $x509_profile_domain_constraints + } + } + $merged_profiles = merge($default_profiles,$profiles) } # Deploy default config file and link it for trocla cli lookup file{ "${settings::confdir}/troclarc.yaml": - ensure => present, content => template('trocla/troclarc.yaml.erb'), owner => root, group => puppet, @@ -38,5 +58,4 @@ class trocla::config ( ensure => link, target => "${settings::confdir}/troclarc.yaml"; } - } diff --git a/manifests/master.pp b/manifests/master.pp index ad47914..43e203d 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -3,15 +3,18 @@ # This module manages the necessary things for trocla on a master. # class trocla::master ( - $provider = gem, + $provider = 'default', ) { - #Main trocla install package {'trocla': - ensure => present, - provider => $provider, + ensure => 'installed', } - if $provider != 'gem' { + if $provider != 'default' { + Package['trocla']{ + provider => $provider, + } + } + if $provider != 'gem' and $::osfamily == 'RedHat' { Package['trocla']{ name => 'rubygem-trocla' } diff --git a/manifests/master/hiera.pp b/manifests/master/hiera.pp new file mode 100644 index 0000000..75b8bb3 --- /dev/null +++ b/manifests/master/hiera.pp 
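Review bot: The parameter documentation does not mention that `store_options` and `encryption_options` are written verbatim into `troclarc.yaml`, although they are where store credentials and key paths go (the spec added in this commit passes a database `password` there). Anything given here also ends up in the compiled catalog, so the doc block should say so, for instance `# NOTE: values are rendered into troclarc.yaml and the catalog; keep the file mode restrictive.` The file resource's mode line lies outside this hunk, so it cannot be confirmed from here. The doc entry is also spelled `x509_profile_domain_constraint` while the parameter is `$x509_profile_domain_constraints`.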
@@ -0,0 +1,6 @@ +# manage trocla/hiera integration +class trocla::master::hiera { + package{'rubygem-hiera-backend-trocla': + ensure => present, + } +} diff --git a/manifests/master/ree.pp b/manifests/master/ree.pp deleted file mode 100644 index bf2c400..0000000 --- a/manifests/master/ree.pp +++ /dev/null @@ -1,13 +0,0 @@ -# Class: trocla::master::ree -# -# This module manages the necessary things for trocla on a master for -# RubyEnterprise installation. -# -# [Remember: No empty lines between comments and class definition] -class trocla::master::ree { - - require ruby_enterprise::gems::moneta - require ruby_enterprise::gems::highline - - ruby_enterprise::gem{'trocla': } -} diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..f99aa2a --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,6 @@ +# a set of default params for various trocla usages +class trocla::params( + $sysdomain_profile_name = 'sysdomain_nc' +){ + +} diff --git a/manifests/yaml.pp b/manifests/yaml.pp index dc20c2e..8ac0071 100644 --- a/manifests/yaml.pp +++ b/manifests/yaml.pp 
@@ -2,24 +2,20 @@ # This will install and configure trocla with the # default yaml storage. # -# [*password_length*] The default length of new passwords: 16 -# [*random_passwords*] Whether trocla should generate random -# passwords or not. Default: true # [*data_file*] Where to store the passwords. -# Default: {$settings::server_datadir}/trocla_data.yaml" -# This will likely be: /var/lib/puppet/server_data/trocla_data.yaml +# Default: /var/lib/trocla/trocla_data.yaml +# This should be managed using the package. class trocla::yaml( - $password_length = 16, - $random_passwords = true, - $data_file = "${settings::server_datadir}/trocla_data.yaml", + $data_file = '/var/lib/trocla/trocla_data.yaml', ) { class{'trocla::config': - password_length => $password_length, - random_passwords => $random_passwords, - adapter => 'YAML', - adapter_options => { - file => $data_file, + store => 'moneta', + store_options => { + adapter => 'YAML', + adapter_options => { + file => $data_file, + }, }, } diff --git a/metadata.json b/metadata.json index af2d50b..a5b7d9a 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "duritong-trocla", - "version": "0.0.8", + "version": "0.2.2", "author": "duritong", "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", "license": "GPLv2", @@ -9,6 +9,6 @@ "issues_url": "https://github.com/duritong/puppet-trocla/issues", "description": "This modules allows you use trocla lookups as puppet functions.", "dependencies": [ - + {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0"} ] } diff --git a/spec/classes/ca_params_spec.rb b/spec/classes/ca_params_spec.rb new file mode 100644 index 0000000..5277972 --- /dev/null +++ b/spec/classes/ca_params_spec.rb @@ -0,0 +1,8 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper')) + +describe 'trocla::ca::params', :type => 'class' do + context 'with default params' do + it { should compile.with_all_deps } + end +end + 
diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb new file mode 100644 index 0000000..fc0a33a --- /dev/null +++ b/spec/classes/config_spec.rb 
@@ -0,0 +1,114 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper')) + +describe 'trocla::config', :type => 'class' do + let(:facts){ + { + :domain => 'example.com', + } + } + context 'with default params' do + it { should contain_class('trocla::params') } + it { should contain_class('trocla::master') } + it { should contain_file('/etc/puppet/troclarc.yaml').with( + :owner => 'root', + :group => 'puppet', + :mode => '0640' + )} + it { should contain_file('/etc/puppet/troclarc.yaml').with_content("--- +profiles: + sysdomain_nc: + name_constraints: + - example.com +") } + it { should contain_file('/etc/troclarc.yaml').with( + :ensure => 'link', + :target => '/etc/puppet/troclarc.yaml' + )} + + it { should compile.with_all_deps } + end + + context 'with other params' do + let(:params) { + { + :options => { + 'length' => 24, + 'profiles' => 'mydefaultprofile', + 'random' => false, + 'expires' => 60*60*24, #1day + }, + :profiles => { + 'mydefaultprofile' => { + 'length' => 20, + }, + 'anotherprofile' => { + 'random' => true, + 'expires' => false, + }, + }, + :x509_profile_domain_constraints => ['domain1.com','domain2.com'], + :store => 'moneta', + :store_options => { + 'adapter' => 'Sequel', + 'adapter_options' => { + 'db' => 'mysql://db.server.name', + 'user' => 'trocla', + 'password' => 'secret_password', + 'database' => 'trocladb', + 'table' => 'trocla', + }, + }, + :encryption => 'ssl', + :encryption_options => { + 'private_key' => '/var/lib/puppet/ssl/private_keys/trocla.pem', + 'public_key' => '/var/lib/puppet/ssl/public_keys/trocla.pem', + }, + :manage_dependencies => false, + } + } + it { should contain_class('trocla::params') } + it { should_not contain_class('trocla::master') } + it { should contain_file('/etc/puppet/troclarc.yaml').with( + :owner => 'root', + :group => 'puppet', + :mode => '0640' + )} + it { should contain_file('/etc/puppet/troclarc.yaml').with_content("--- +encryption: :ssl +encryption_options: + :private_key: 
/var/lib/puppet/ssl/private_keys/trocla.pem + :public_key: /var/lib/puppet/ssl/public_keys/trocla.pem +options: + expires: 86400 + length: 24 + profiles: mydefaultprofile + random: false +profiles: + anotherprofile: + expires: false + random: true + mydefaultprofile: + length: 20 + sysdomain_nc: + name_constraints: + - domain1.com + - domain2.com +store: :moneta +store_options: + adapter: :Sequel + adapter_options: + :database: trocladb + :db: mysql://db.server.name + :password: secret_password + :table: trocla + :user: trocla +") } + it { should contain_file('/etc/troclarc.yaml').with( + :ensure => 'link', + :target => '/etc/puppet/troclarc.yaml' + )} + + it { should compile.with_all_deps } + end +end + diff --git a/spec/classes/master_hiera_spec.rb b/spec/classes/master_hiera_spec.rb new file mode 100644 index 0000000..62112fb --- /dev/null +++ b/spec/classes/master_hiera_spec.rb @@ -0,0 +1,11 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper')) + +describe 'trocla::master::hiera', :type => 'class' do + context 'with default params' do + it { should compile.with_all_deps } + it { should contain_package('rubygem-hiera-backend-trocla').with( + :ensure => 'present', + )} + end +end + diff --git a/spec/classes/master_spec.rb b/spec/classes/master_spec.rb new file mode 100644 index 0000000..ad99c86 --- /dev/null +++ b/spec/classes/master_spec.rb 
@@ -0,0 +1,52 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper')) + +describe 'trocla::master', :type => 'class' do + context 'with default params' do + context 'on RedHat' do + let(:facts) { + { + :osfamily => 'RedHat', + } + } + it { should contain_package('trocla').with( + :name => 'rubygem-trocla', + :ensure => 'installed' + )} + it { should compile.with_all_deps } + end + context 'on Debian' do + let(:facts) { + { + :osfamily => 'Debian', + } + } + it { should contain_package('trocla').with( + :ensure => 'installed' + )} + it { should compile.with_all_deps } + end + end + context 'with gem provider' do + let(:params){ + { + :provider => 'gem' + } + } + it { should contain_package('trocla').with( + :ensure => 'installed', + :provider => 'gem' + )} + + it { should compile.with_all_deps } + context 'on RedHat' do + it { should contain_package('trocla').with( + :name => 'trocla', + :ensure => 'installed', + :provider => 'gem' + )} + + it { should compile.with_all_deps } + end + end +end + diff --git a/spec/classes/params_spec.pp b/spec/classes/params_spec.pp new file mode 100644 index 0000000..4d05e1f --- /dev/null +++ b/spec/classes/params_spec.pp @@ -0,0 +1,8 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper')) + +describe 'trocla::params', :type => 'class' do + context 'with default params' do + it { should compile.with_all_deps } + end +end + diff --git a/spec/classes/yaml_spec.rb b/spec/classes/yaml_spec.rb new file mode 100644 index 0000000..c5912f2 --- /dev/null +++ b/spec/classes/yaml_spec.rb 
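Review bot: The nested `context 'on RedHat'` under 'with gem provider' sets no facts, so `osfamily` is unset there and the example does not exercise the RedHat case it is named after. As written, the assertion `:name => 'trocla'` passes on any platform and would not catch a regression in the `$provider != 'gem' and $::osfamily == 'RedHat'` condition in master.pp. Add `let(:facts) { { :osfamily => 'RedHat' } }` to that context.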
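Review bot: This spec is added as `spec/classes/params_spec.pp`, but its content is RSpec and every other spec in the commit ends in `_spec.rb`. With the `.pp` suffix the spec runner will presumably never load it, so `trocla::params` goes untested while appearing to have coverage. Rename the file to `params_spec.rb`.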
@@ -0,0 +1,39 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper')) + +describe 'trocla::yaml', :type => 'class' do + let(:facts){ + { + :domain => 'example.com', + } + } + context 'with default params' do + it { should contain_class('trocla::config').with( + 'store' => 'moneta', + 'store_options' => { + 'adapter' => 'YAML', + 'adapter_options' => { + 'file' => '/var/lib/trocla/trocla_data.yaml', + } + } + )} + it { should contain_file('/etc/puppet/troclarc.yaml').with_content("--- +profiles: + sysdomain_nc: + name_constraints: + - example.com +store: :moneta +store_options: + adapter: :YAML + adapter_options: + :file: /var/lib/trocla/trocla_data.yaml +") } + it { should contain_file('/var/lib/trocla/trocla_data.yaml').with( + :ensure => 'file', + :owner => 'puppet', + :group => 0, + :mode => '0600' + )} + it { should compile.with_all_deps } + end +end + diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..381f972 --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,13 @@ +require 'puppetlabs_spec_helper/module_spec_helper' +require 'rake' + +fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) + +RSpec.configure do |c| + c.module_path = File.join(fixture_path, 'modules') + c.manifest_dir = File.join(fixture_path, 'manifests') + c.pattern = FileList[c.pattern].exclude(/^spec\/fixtures/) +end + +Puppet::Util::Log.level = :warning +Puppet::Util::Log.newdestination(:console) diff --git a/templates/troclarc.yaml.erb b/templates/troclarc.yaml.erb index cd4da3d..5584fd8 100644 --- a/templates/troclarc.yaml.erb +++ b/templates/troclarc.yaml.erb 
@@ -1,20 +1,44 @@ ---- -options: - random: <%= @random_passwords %> - length: <%= @password_length %> -adapter: :<%= @adapter %> -<% unless @adapter_options.empty? %> -adapter_options: -<% @adapter_options.keys.sort.each do |key| -%> - :<%= key %>: '<%= @adapter_options[key] %>' -<% end -%> -<% end -%> -<% if @encryption %> -encryption: :<%= @encryption %> -<% end -%> -<% unless @ssl_options.empty? %> -ssl_options: -<% @ssl_options.keys.sort.each do |key| -%> - :<%= key %>: '<%= @ssl_options[key] %>' -<% end -%> +<% + # stupid but effective sorting of yaml + # forgive me for that, but puppet monkeypatches yaml heavily and breaks it constantly + # for our use case it should be sufficient, otherwise we need to + # extent it to address the new problems + def sort_pseudo_yaml(obj, indent='') + arr = obj.sort {|a,b| (a[0].is_a?(Symbol) ? a[0].to_s : a[0]) <=> (b[0].is_a?(Symbol) ? b[0].to_s : b[0]) } + out = [] + arr.each do |e| + if e[1].is_a?(Hash) + out << "#{indent}#{e[0]}:" + out << sort_pseudo_yaml(e[1],indent+' ') + elsif e[1].is_a?(Array) + out << (["#{indent}#{e[0]}:"]+e[1].collect{|e| "- #{e}" }).join("\n#{indent}") + else + out << "#{indent}#{e[0].is_a?(Symbol) ? ":#{e[0].to_s}" : e[0]}: #{e[1].is_a?(Symbol) ? ":#{e[1].to_s}" : e[1]}" + end + end + out.join("\n") + end + def sym_keys(h) + h.keys.inject({}) do |r,k| + r[k.to_sym] = h[k] + r + end + end + # transform special options so they are understood by the other libraries + so = @store_options.dup + so['adapter'] = so['adapter'].to_sym if so['adapter'] + so['adapter_options'] = sym_keys(so['adapter_options']) if so['adapter_options'] + eo = @encryption_options ? sym_keys(@encryption_options) : {} + options_hash = { + 'store' => @store.nil? ? @store : @store.to_sym, + 'store_options' => so, + 'encryption' => @encryption.nil? ? @encryption : @encryption.to_sym, + 'encryption_options' => eo, + 'options' => @options, + 'profiles' => @merged_profiles, + }.delete_if{|k,v| v.nil? || (v.is_a?(Symbol) ? 
v.to_s : v).empty? } + output = sort_pseudo_yaml(options_hash) +-%>--- +<% unless output.empty? -%> +<%= output %> <% end -%> -- cgit v1.2.3 From b478a4eb162d5a3a117c44ef9b49f20462facf50 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 29 Jan 2016 19:14:12 +0100 Subject: also manage directory as puppet user needs write perms as well --- manifests/yaml.pp | 23 +++++++++++++++++------ spec/classes/yaml_spec.rb | 6 ++++++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/manifests/yaml.pp b/manifests/yaml.pp index 8ac0071..aca164b 100644 --- a/manifests/yaml.pp +++ b/manifests/yaml.pp @@ -6,7 +6,8 @@ # Default: /var/lib/trocla/trocla_data.yaml # This should be managed using the package. class trocla::yaml( - $data_file = '/var/lib/trocla/trocla_data.yaml', + $manage_data_dir = true, + $data_file = '/var/lib/trocla/trocla_data.yaml', ) { class{'trocla::config': @@ -19,10 +20,20 @@ class trocla::yaml( }, } - file{$data_file: - ensure => file, - owner => puppet, - group => 0, - mode => '0600'; + if $manage_data_dir { + $data_dir = dirname($data_file) + file{$data_dir: + ensure => directory, + owner => puppet, + group => 0, + mode => '0600'; + } + } + file{ + $data_file: + ensure => file, + owner => puppet, + group => 0, + mode => '0600'; } } diff --git a/spec/classes/yaml_spec.rb b/spec/classes/yaml_spec.rb index c5912f2..53ee507 100644 --- a/spec/classes/yaml_spec.rb +++ b/spec/classes/yaml_spec.rb @@ -27,6 +27,12 @@ store_options: adapter_options: :file: /var/lib/trocla/trocla_data.yaml ") } + it { should contain_file('/var/lib/trocla').with( + :ensure => 'directory', + :owner => 'puppet', + :group => 0, + :mode => '0600' + )} it { should contain_file('/var/lib/trocla/trocla_data.yaml').with( :ensure => 'file', :owner => 'puppet', -- cgit v1.2.3 From 9af8b4274e47b9c89be3368fa6981fd6ab464cb9 Mon Sep 17 00:00:00 2001 
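Review bot: The scalar branch of `sort_pseudo_yaml` writes `e[1]` into troclarc.yaml unquoted, whereas the removed template wrapped adapter and SSL option values in single quotes. A store or encryption option value containing `: `, ` #`, a leading YAML indicator or a newline would be read back by trocla as something other than the configured string, or could introduce extra keys into the file. These hashes can carry credentials and key paths, so string values containing such characters should be single-quoted with embedded quotes doubled, e.g. `"'#{v.gsub("'", "''")}'"`, or the header comment should state that only plain scalars are supported. The array branch interpolates its elements the same way.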
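Review bot: With `$manage_data_dir` defaulting to true, whatever `dirname($data_file)` resolves to is managed as owner `puppet`, mode `'0600'`. A `$data_file` placed in a shared directory (this module's own troclarc.yaml lives in /etc/puppet, for instance) would have that parent directory re-owned and restricted. The class comment should say the data file needs a dedicated directory and that `manage_data_dir => false` is required otherwise. The mode also relies on Puppet adding the search bit to directories wherever read is set; `mode => '0700'` would state the intended permission explicitly. The class body starts above this hunk.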
From: mh Date: Fri, 29 Jan 2016 19:33:23 +0100 Subject: make sure we manage things after the package --- manifests/yaml.pp | 6 ++++-- spec/classes/yaml_spec.rb | 18 ++++++++++-------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/manifests/yaml.pp b/manifests/yaml.pp index aca164b..7727219 100644 --- a/manifests/yaml.pp +++ b/manifests/yaml.pp @@ -26,7 +26,8 @@ class trocla::yaml( ensure => directory, owner => puppet, group => 0, - mode => '0600'; + mode => '0600', + require => Package['trocla']; } } file{ @@ -34,6 +35,7 @@ class trocla::yaml( ensure => file, owner => puppet, group => 0, - mode => '0600'; + mode => '0600', + require => Package['trocla']; } } diff --git a/spec/classes/yaml_spec.rb b/spec/classes/yaml_spec.rb index 53ee507..9ded270 100644 --- a/spec/classes/yaml_spec.rb +++ b/spec/classes/yaml_spec.rb @@ -28,16 +28,18 @@ store_options: :file: /var/lib/trocla/trocla_data.yaml ") } it { should contain_file('/var/lib/trocla').with( - :ensure => 'directory', - :owner => 'puppet', - :group => 0, - :mode => '0600' + :ensure => 'directory', + :owner => 'puppet', + :group => 0, + :mode => '0600', + :require => 'Package[trocla]', )} it { should contain_file('/var/lib/trocla/trocla_data.yaml').with( - :ensure => 'file', - :owner => 'puppet', - :group => 0, - :mode => '0600' + :ensure => 'file', + :owner => 'puppet', + :group => 0, + :mode => '0600', + :require => 'Package[trocla]', )} it { should compile.with_all_deps } end -- cgit v1.2.3 From bc681b1597e610caa7e746293e42d89f4c0dda0d Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 27 Mar 2016 12:30:22 +0200 Subject: make it work on ruby 1.8.7 --- Gemfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 71032cf..9098065 100644 --- a/Gemfile +++ b/Gemfile 
@@ -3,21 +3,22 @@ source 'https://rubygems.org' if ENV.key?('PUPPET_VERSION') puppetversion = "~> #{ENV['PUPPET_VERSION']}" else - puppetversion = ['>= 3.8.4'] + puppetversion = ['>= 3.8.6'] end if RUBY_VERSION == '1.8.7' - puppetversion = ['~> 3.8.4'] + puppetversion = ['~> 3.8.6'] gem 'i18n', '~> 0.6.11' gem 'activesupport', '~> 3.2' gem 'highline', '~> 1.6.21' gem 'librarian-puppet', '~> 1.0.0' gem 'rspec', '~> 3.1.0' + gem 'rake', '< 11' else gem 'librarian-puppet' + gem 'rake' end gem 'puppet', puppetversion gem 'puppet-lint' gem 'puppetlabs_spec_helper' -gem 'rake' -- cgit v1.2.3 From 9b42dd9883edcf59b517c1353f90d4610f9812c1 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 27 Mar 2016 12:30:32 +0200 Subject: improve travis integration --- .travis.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index c85bde4..1ac8b2f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,15 +1,16 @@ rvm: - 1.8.7 - 1.9.3 - - 2.0.0 -script: 'bundle exec rake spec' + - 2.2.0 +script: 'bundle exec rake' env: - - PUPPET_VERSION=3.8.4 + - PUPPET_VERSION=3.8.6 + - PUPPET_VERSION=4.4.1 matrix: exclude: # No support for Ruby 2.0 before Puppet 3.2 - - rvm: 2.0.0 - env: PUPPET_VERSION=3.0.0 - - rvm: 2.0.0 - env: PUPPET_VERSION=3.1.0 + - rvm: 2.2.0 + env: PUPPET_VERSION=3.8.6 + - rvm: 1.8.7 + env: PUPPET_VERSION=4.4.1 -- cgit v1.2.3 From b19db630c21678afa2c9b7a7b67b9773f5a3e4d5 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 27 Mar 2016 12:32:49 +0200 Subject: make it 1.8.7 compatible --- spec/classes/master_hiera_spec.rb | 2 +- spec/classes/yaml_spec.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/classes/master_hiera_spec.rb b/spec/classes/master_hiera_spec.rb index 62112fb..287abaa 100644 --- a/spec/classes/master_hiera_spec.rb +++ b/spec/classes/master_hiera_spec.rb 
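Review bot: The retained comment `# No support for Ruby 2.0 before Puppet 3.2` in `matrix.exclude` no longer describes the entries below it, which now exclude Ruby 2.2.0 with Puppet 3.8.6 and Ruby 1.8.7 with Puppet 4.4.1. Replace it with one comment per exclusion giving the reason, e.g. `# Puppet 3.8 is not run on Ruby 2.2` and `# Puppet 4 does not run on Ruby 1.8.7`, so that a later version bump does not drop or keep an exclusion by mistake.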
@@ -4,7 +4,7 @@ describe 'trocla::master::hiera', :type => 'class' do context 'with default params' do it { should compile.with_all_deps } it { should contain_package('rubygem-hiera-backend-trocla').with( - :ensure => 'present', + :ensure => 'present' )} end end diff --git a/spec/classes/yaml_spec.rb b/spec/classes/yaml_spec.rb index 9ded270..49d2cb5 100644 --- a/spec/classes/yaml_spec.rb +++ b/spec/classes/yaml_spec.rb @@ -32,14 +32,14 @@ store_options: :owner => 'puppet', :group => 0, :mode => '0600', - :require => 'Package[trocla]', + :require => 'Package[trocla]' )} it { should contain_file('/var/lib/trocla/trocla_data.yaml').with( :ensure => 'file', :owner => 'puppet', :group => 0, :mode => '0600', - :require => 'Package[trocla]', + :require => 'Package[trocla]' )} it { should compile.with_all_deps } end -- cgit v1.2.3 From 2935a074cb9fa748b49181112755dce0168df2cc Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 27 Mar 2016 17:15:40 +0200 Subject: make a ca by default very very long --- manifests/ca/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/ca/params.pp b/manifests/ca/params.pp index bb61248..437e990 100644 --- a/manifests/ca/params.pp +++ b/manifests/ca/params.pp @@ -3,7 +3,7 @@ # trocla('some_ca','x509',$trocla::ca::params::ca_options) class trocla::ca::params( $trocla_options = { - 'profiles' => ['sysdomain_nc','x509long'], + 'profiles' => ['sysdomain_nc','x509veryverylong'], 'CN' => "automated-ca ${name} for ${::domain}", }, ) { -- cgit v1.2.3 From a6f7f11b140ea6185f6c28e4f3f5809c69809088 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 29 May 2016 14:11:31 +0200 Subject: a final release --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index a5b7d9a..ad42fc5 100644 --- a/metadata.json +++ b/metadata.json 
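Review bot: The default profile for every automated CA changes from `x509long` to `x509veryverylong`, but the validity period behind either name is defined in trocla and is not stated anywhere in this class. A longer-lived CA widens the window in which a leaked CA key stays usable and makes rotation rarer, so the class comment should state the resulting lifetime and that callers can pass their own `trocla_options`, e.g. `# CA validity comes from trocla's x509veryverylong profile; override 'profiles' for shorter-lived CAs`. CAs already stored in trocla are presumably unaffected by the new default, which is worth confirming and documenting as well.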
@@ -1,6 +1,6 @@ { "name": "duritong-trocla", - "version": "0.2.2", + "version": "1.0.0", "author": "duritong", "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", "license": "GPLv2", -- cgit v1.2.3 From 70b87a890319b262641503e78495b83df24f20ea Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 7 Jun 2016 21:59:18 +0200 Subject: whitespace cleanup --- lib/puppet/parser/functions/trocla.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/parser/functions/trocla.rb b/lib/puppet/parser/functions/trocla.rb index e042872..b1a7b61 100644 --- a/lib/puppet/parser/functions/trocla.rb +++ b/lib/puppet/parser/functions/trocla.rb @@ -27,7 +27,7 @@ Options can also be passed as a yaml string: " ) do |*args| require File.dirname(__FILE__) + '/../../util/trocla_helper' - + Puppet::Util::TroclaHelper.trocla(:password,true,*args) end end -- cgit v1.2.3 From bbedb788a7951e2f69c1c2815a5c3c669ff02ae6 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 7 Jun 2016 21:59:33 +0200 Subject: keep trocla object around - addresses #18 Per puppet function call we now created a new Trocla object. This is a) a very naive approach and b) obviously can lead to a lot of inefficiency as we for example need to build up trocla each time again. Also this means that we are running into problems like opening a connection to a database system each time a trocla lookup is done (and we never close the connection :-/). The proper way to solve this is to make sure we don't create too many trocla objects. With this change, we should now create once a global trocla object PER puppet(-master/-server) process and keep it around for the life time of such a process. --- lib/puppet/util/trocla_helper.rb | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/lib/puppet/util/trocla_helper.rb b/lib/puppet/util/trocla_helper.rb index 94670ae..ce583f5 100644 --- a/lib/puppet/util/trocla_helper.rb 
+++ b/lib/puppet/util/trocla_helper.rb @@ -22,13 +22,22 @@ module Puppet::Util::TroclaHelper options = YAML.load(options) end - configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") + has_options ? store.send(trocla_func, key, format, options) : store.send(trocla_func, key, format) + end + module_function :trocla + + private - raise(Puppet::ParseError, "Trocla config file #{configfile} is not readable") unless File.exist?(configfile) + def store + @store ||= begin + require 'trocla' + configfile = File.join(File.dirname(Puppet.settings[:config]), "troclarc.yaml") - require 'trocla' + raise(Puppet::ParseError, "Trocla config file #{configfile} is not readable") unless File.exist?(configfile) - has_options ? Trocla.new(configfile).send(trocla_func, key, format, options) : Trocla.new(configfile).send(trocla_func, key, format) + Trocla.new(configfile) + end end - module_function :trocla + module_function :store + end -- cgit v1.2.3 From 5d0e9d986fc145317f0b3abac702e6689ffb4245 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 7 Jun 2016 22:37:34 +0200 Subject: add travis icon --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8874f63..8c277c1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # trocla +[![Build Status](https://travis-ci.org/duritong/puppet-trocla.png)](https://travis-ci.org/duritong/puppet-trocla) + This is the puppet module to manage a trocla installation on the puppet master. It also, provides the necessary function to query trocla from puppet. -- cgit v1.2.3 From f95965b8a1be29fffc2d2a7325d7428f003d0855 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 18 Jun 2016 12:36:33 +0200 Subject: release a new version --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index ad42fc5..ae33a84 100644 --- a/metadata.json +++ b/metadata.json 
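Review bot: `@store` now lives for the whole master process, so an edited troclarc.yaml (rotated store credentials, changed encryption settings) is not picked up until the master restarts, and a dropped backend connection is never re-opened. A comment on `store` should say so, e.g. `# cached for the lifetime of the process; restart the master after changing troclarc.yaml`. The bare `private` before `def store` has no effect on how it is called, since `module_function :store` already makes the instance method private and publishes a public module-level copy. If the hosting server evaluates parser functions on several threads, `@store ||=` could also build two instances, which is worth confirming. The enclosing `trocla` method begins above this hunk; its `YAML.load(options)` context line parses manifest-supplied strings with the unrestricted loader and is untouched by this commit.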
@@ -1,6 +1,6 @@ { "name": "duritong-trocla", - "version": "1.0.0", + "version": "1.0.1", "author": "duritong", "summary": "This modules allows you to use trocla (https://github.com/duritong/trocla) from puppet.", "license": "GPLv2", -- cgit v1.2.3 From 0399b2cf18b05ad2f68b3182e797a395afb0fee4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 18 Jun 2016 17:37:08 +0200 Subject: make it run on 1.8.7 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 9098065..501addb 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ if RUBY_VERSION == '1.8.7' gem 'i18n', '~> 0.6.11' gem 'activesupport', '~> 3.2' gem 'highline', '~> 1.6.21' - gem 'librarian-puppet', '~> 1.0.0' + gem 'librarian-puppet', '~> 1.5.0' gem 'rspec', '~> 3.1.0' gem 'rake', '< 11' else -- cgit v1.2.3 From 8c1aac4f23d245cda54994737c72a868d112db87 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 18 Jun 2016 17:37:26 +0200 Subject: ignore pkg --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 493131d..c0162c6 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ spec/fixtures .librarian .tmp *.lock +pkg/ -- cgit v1.2.3