BBlack has submitted this change and it was merged.

Change subject: Add parser function secret() to get secret data
......................................................................


Add parser function secret() to get secret data

secret('foo/bar') fetches content from the path 'secrets/foo/bar'
in the module 'secret', which is defined in the private
repository.  This is an alternative to sourcing raw files from the
fileserver which is more-secure.

Change-Id: I4e81b9ace0f233832a7114152d99d5781a15768a
---
A modules/wmflib/lib/puppet/parser/functions/secret.rb
1 file changed, 29 insertions(+), 0 deletions(-)

Approvals:
  Faidon Liambotis: Looks good to me, but someone else must approve
  BBlack: Verified; Looks good to me, approved



diff --git a/modules/wmflib/lib/puppet/parser/functions/secret.rb 
b/modules/wmflib/lib/puppet/parser/functions/secret.rb
new file mode 100644
index 0000000..fc66a02
--- /dev/null
+++ b/modules/wmflib/lib/puppet/parser/functions/secret.rb
@@ -0,0 +1,29 @@
+require 'pathname'
+
+module Puppet::Parser::Functions
+  newfunction(:secret, :type => :rvalue) do |args|
+    mod_name = 'secret'
+    secs_subdir = '/secrets/'
+
+    if args.length != 1 || !args.first.is_a?(String)
+      fail(ArgumentError, 'secret(): exactly one string arg')
+    end
+    in_path = args.first
+
+    if mod = Puppet::Module.find(mod_name)
+       mod_path = mod.path()
+    else
+      fail("secret(): Module #{mod_name} not found")
+    end
+
+    sec_path = mod_path + secs_subdir + in_path
+    final_path = Pathname.new(sec_path).cleanpath()
+
+    # Bail early if it's not a regular, readable file
+    if !final_path.file? || !final_path.readable?
+      fail(ArgumentError, "secret(): invalid secret #{in_path}")
+    end
+
+    return final_path.read()
+  end
+end
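Review bot: The path built at `sec_path = mod_path + secs_subdir + in_path` is normalized with cleanpath() but never checked to still lie under the secrets directory, so an argument containing `..` components can resolve to a file outside `secrets/` and be returned as long as it is a readable regular file. After the cleanpath() call, compare final_path against the cleaned `mod_path + secs_subdir` prefix and fail with the existing "invalid secret" error if it does not start with it. Note that cleanpath() is purely lexical, so a symlink inside the secrets tree would still be followed. Minor points: `mod_path = mod.path()` is indented one space deeper than the rest of the block, and the "Module #{mod_name} not found" fail() passes no exception class while the other two use ArgumentError.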

-- 
To view, visit https://gerrit.wikimedia.org/r/223494
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4e81b9ace0f233832a7114152d99d5781a15768a
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits