5fe8a21 to 92658d9
@kenyon Made the hieradata changes and updated the REFERENCE. Sadly I can't use the ensure function you pointed out because sometimes the ensure value will be a version string and the function doesn't support that.

I was questioning if there was a better way to handle PE separation. Currently:

Regarding the secrets: The goal was to allow the user to be able to "encrypt" the entire config hash as a complete override or just "encrypt" the secret. I think most people will encrypt just the secret but I wanted the possibility to allow folks to override anything they needed just in case I didn't supply a parameter for that config. So in the deep_merge statement I had to unwrap the config and sensitive secret to merge them together. Please let me know if this was an incorrect assumption.

Technically, this was about how the code worked before but I made some minor changes like passing in the secret. https://github.com/voxpupuli/puppet-autosign/blob/hieradata/manifests/init.pp#L119
I use
| } | ||
|
|
||
| # Merge the default config with the user-provided config, unwrap before merging | ||
| $settings = Sensitive.new(deep_merge({ |
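Review bot: the comment above `$settings = Sensitive.new(deep_merge({` documents the unwrap but not the merge precedence. deep_merge lets the rightmost hash win on duplicate keys, so the comment should say which of the merged hashes is meant to override the others, because that order decides which secret value ends up in the wrapped result.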
| $settings = Sensitive.new(deep_merge({ | |
| $settings = Sensitive.new(deep_merge({ |
| # THIS IS NOT SECURE! It is marginally better than harcoding a password, | ||
| # but it can be replicated externaly to the Puppet Master. | ||
| # Please override this. It will also cause multi-master setups to not work | ||
| # correctly, all the more reason to override it. |
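Review bot: two typos in this comment block, "harcoding" for "hardcoding" and "externaly" for "externally". "Please override this" also does not name the parameter to override; naming it here would let a reader act on the warning without searching the class.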
This kind of comment should not be needed. The code should instead raise an error to avoid an insecure configuration in the first place.
Valid. However, this is outside the scope of the PR. Created #59 to fix this later.
* Replaces params with hiera data
* Simplifies the code by removing the install and config classes

Simplifies the hiera data hierarchy by removing redundant OS-specific configuration files and adding explicit configfile parameters where needed.

Changes:
- Removed data/common.yaml (consolidated into platform-specific files)
- Removed data/osfamily/Debian.yaml (redundant configuration)
- Removed data/osfamily/RedHat.yaml (redundant configuration)
- Removed data/osfamily/Suse.yaml (redundant configuration)
- Added explicit configfile parameter to FreeBSD hiera data
- Added explicit configfile parameter to Puppet Enterprise hiera data
- Minor formatting cleanup in manifests/init.pp
* Remove extra spacing in parameters
fb49f01 to 7097fa3
- Add documentation for journalpath and jwt_token_secret parameters
- Fix typo: 'Weather' -> 'Whether' in manage_journalfile parameter
- Update jwt_token_secret type constraint to String[30] and increase random string length to 32
- Remove redundant comments and unnecessary require dependency
This modernizes the module by switching to the hiera data in module pattern. I have also simplified the code by bringing the classes into a single class. It seemed easier to read with everything in one class rather than splitting 1-2 resources into another class where I would have had to reference variables for other classes and potentially break compatibility with prior versions.
This will require a major version change since it changes the params interface a little bit. I thought this would be appropriate since the specific module has not been released under Vox's namespace yet.
I also updated the sensitive configurations and removed some of the legacy code that was no longer needed.
Additionally, for the config file there is now direct control of some of the configuration via hiera data.
A bit more work after this PR is still needed so this won't be released just yet. Should we release a minor update first before merging this?
Incidentally Fixes #12 and #10 because hiera data does not rely on a version string anymore.
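
The secrets handling discussed in this conversation (accept either a wrapped secret or a wrapped override hash, unwrap to merge, wrap the result again) can be sketched as follows. This is an added example, not code from the PR or from puppet-autosign: the class name, hash keys, parameter types and file path are assumptions, and `deep_merge` and `to_yaml` come from puppetlabs-stdlib.

```puppet
# Added example. Class name, hash keys and file path are hypothetical,
# not taken from puppet-autosign. Requires puppetlabs-stdlib.
class example_autosign_settings (
  Variant[Sensitive[String[30]], String[30]] $jwt_token_secret,
  Variant[Sensitive[Hash], Hash]             $config = {},
) {
  # Accept either form so callers may wrap only the secret, the whole
  # override hash, or both.
  $secret_plain = $jwt_token_secret ? {
    Sensitive => $jwt_token_secret.unwrap,
    default   => $jwt_token_secret,
  }
  $config_plain = $config ? {
    Sensitive => $config.unwrap,
    default   => $config,
  }

  # The rightmost hash wins in deep_merge, so the user's override hash can
  # replace any default, including the secret. The merged result is wrapped
  # again immediately so it is redacted wherever it is passed on.
  $settings = Sensitive.new(deep_merge(
    {
      'general'   => { 'loglevel' => 'warn' },
      'jwt_token' => { 'secret' => $secret_plain },
    },
    $config_plain
  ))

  # Sensitive content keeps the rendered file out of logs and reports;
  # show_diff => false is set explicitly as well.
  file { '/etc/example-autosign.conf':
    ensure    => file,
    owner     => 'root',
    mode      => '0600',
    show_diff => false,
    content   => Sensitive.new(to_yaml($settings.unwrap)),
  }
}
```

The intermediate `$secret_plain` and `$config_plain` variables hold unwrapped values, so they should not be interpolated into strings, `notify` resources or resource titles elsewhere in the class.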