Support secrets #13
Support secrets #13
Conversation
|
I just rebased this PR on top of your |
| $log_level = 'info', | ||
| $ulimit = undef, | ||
| $secret = undef, | ||
| $mesos_authentication_secret_file = '/etc/marathon/.secret', |
There was a problem hiding this comment.
Ok.. I've thought about this a bit and can we maybe do:
$mesos_auth_principal = undef,
$mesos_auth_secret = undef,
$mesos_auth_secret_file = '/etc/marathon/.secret',And then:
if ($mesos_auth_principal != undef) and ($mesos_auth_secret != undef) {
$secret_options = {
'mesos_authentication_principal' => $mesos_auth_principal,
'mesos_authentication_secret_file' => $mesos_auth_secret_file,
}
} else { ...Sorry for chopping and changing... $mesos_authentication_secret_file seems a bit long and also the secret is not much good without a principal.
Does this API sound good to you?
|
Can you explain to me what you mean by "puppet is doing it's magic to auto-require".. As far as I can see the |
|
Setting all auth options as param is fine. It's a bit tricky to get the overload logic. Source: https://docs.puppetlabs.com/references/latest/type.html#file |
|
Ah thanks. Learn something new every day about Puppet :/ |
| $mesos_auth_secret = undef, | ||
| $mesos_auth_secret_file = '/etc/marathon/.secret', | ||
| $java_home = undef, | ||
| $java_opts = '-Xmx512m', |
There was a problem hiding this comment.
Indentation of the = a bit messed up here since the parameter names got shorter.
|
I just rebased on current develop and fixed the indenting. |
|
Thanks for your work. I think we should simplify the Mesos authentication logic and just either completely manage the auth principal/secret or not at all. See this diff: https://gist.github.com/JayH5/57f236f74d917442db2b |
|
Sounds good to me. I'll merge your git and update the tests. |
|
lgtm. Can you please add a test where one of the principal/secret is not set and the secrets file and properties are not set? |
This allows to set up framework authentication
|
these? |
|
Perfect :) Thank you. |
|
@felixb: Finally got around to releasing version 0.3.0 with your changes 😄 |
This allows to set up framework authentication.