Rebase and apply new refs

voxpupuli · Nov 9, 2023 · 828f4cd · 828f4cd
1 parent 7d70d2e
commit 828f4cd
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 89 deletions.
diff --git a/README.md b/README.md
@@ -114,23 +114,53 @@ class { 'rundeck':
 }
 ```
 
-### Use HashiCorp vault as keystorage
+### Configure HashiCorp vault as keystorage
 
 An additional [Rundeck Vault plugin](https://github.com/rundeck-plugins/vault-storage/) is required.
 
 ```Puppet
 class { 'rundeck':
-  key_storage_type                   => 'vault',
-  vault_keystorage_url               => 'https://vault.example.com',
-  vault_keystorage_prefix            => 'rundeck',
-  vault_keystorage_approle_approleid => 'xxx-xxx-xxx-xxx-xxx',
-  vault_keystorage_approle_secretid  => 'xxx-xxx-xxx-xxx-xxx',
-  vault_keystorage_approle_authmount => 'approle',
-  vault_keystorage_authbackend       => 'approle',
+  key_storage_config => [
+    {
+      'type'   => 'vault-storage',
+      'path'   => '/keys/vault',
+      'config' => {
+        'prefix'           => 'rundeck',
+        'address'          => 'https://vault.example.com',
+        'storageBehaviour' => 'vault',
+        'secretBackend'    => 'rundeck',
+        'engineVersion'    => '2',
+        'authBackend'      => 'approle',
+        'approleAuthMount' => 'approle',
+        'approleId'        => 'xxx-xxx-xxx-xxx-xxx',
+        'approleSecretId'  => 'xxx-xxx-xxx-xxx-xxx',
+      },
+    },
+  ],
+}
+```
+
+### Configure multiple keystorage types
+
+```Puppet
+class { 'rundeck':
+  key_storage_config => [
+    {
+      'type'   => 'file',
+      'path'   => '/keys',
+      'config' => {
+        'baseDir => '/path/to/dir',
+      },
+    },
+    {
+      'type' => 'db',
+      'path' => '/keys/database',
+    },
+  ],
 }
 ```
 
-### Configuring shared authentication credentials
+### Configure shared authentication credentials
 
 To perform LDAP authentication and file authorization following code can be used.
 

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -70,15 +70,9 @@ The following parameters are available in the `rundeck` class:
 * [`jvm_args`](#-rundeck--jvm_args)
 * [`kerberos_realms`](#-rundeck--kerberos_realms)
 * [`key_password`](#-rundeck--key_password)
-* [`key_storage_type`](#-rundeck--key_storage_type)
+* [`key_storage_config`](#-rundeck--key_storage_config)
 * [`keystore`](#-rundeck--keystore)
 * [`keystore_password`](#-rundeck--keystore_password)
-* [`vault_keystorage_url`](#-rundeck--vault_keystorage_url)
-* [`vault_keystorage_prefix`](#-rundeck--vault_keystorage_prefix)
-* [`vault_keystorage_approle_approleid`](#-rundeck--vault_keystorage_approle_approleid)
-* [`vault_keystorage_approle_secretid`](#-rundeck--vault_keystorage_approle_secretid)
-* [`vault_keystorage_approle_authmount`](#-rundeck--vault_keystorage_approle_authmount)
-* [`vault_keystorage_authbackend`](#-rundeck--vault_keystorage_authbackend)
 * [`log_properties_template`](#-rundeck--log_properties_template)
 * [`mail_config`](#-rundeck--mail_config)
 * [`sshkey_manage`](#-rundeck--sshkey_manage)
@@ -286,13 +280,13 @@ The default key password.
 
 Default value: `$rundeck::params::key_password`
 
-##### <a name="-rundeck--key_storage_type"></a>`key_storage_type`
+##### <a name="-rundeck--key_storage_config"></a>`key_storage_config`
 
-Data type: `Enum['db', 'file', 'vault']`
+Data type: `Array[Hash]`
 
-Type used to store secrets. Must be 'file', 'db' or 'vault'
+An array with hashes of properties for customizing the [Rundeck Key Storage](https://docs.rundeck.com/docs/manual/key-storage/key-storage.html)
 
-Default value: `$rundeck::params::key_storage_type`
+Default value: `$rundeck::params::key_storage_config`
 
 ##### <a name="-rundeck--keystore"></a>`keystore`
 
@@ -310,54 +304,6 @@ The password for the given keystore.
 
 Default value: `$rundeck::params::keystore_password`
 
-##### <a name="-rundeck--vault_keystorage_url"></a>`vault_keystorage_url`
-
-Data type: `Optional[Stdlib::HTTPSUrl]`
-
-A url to a HashiCorp vault instance.
-
-Default value: `undef`
-
-##### <a name="-rundeck--vault_keystorage_prefix"></a>`vault_keystorage_prefix`
-
-Data type: `Optional[String[1]]`
-
-HashiCorp vault kv path prefix.
-
-Default value: `undef`
-
-##### <a name="-rundeck--vault_keystorage_approle_approleid"></a>`vault_keystorage_approle_approleid`
-
-Data type: `Optional[String[1]]`
-
-HashiCorp vault approle role id.
-
-Default value: `undef`
-
-##### <a name="-rundeck--vault_keystorage_approle_secretid"></a>`vault_keystorage_approle_secretid`
-
-Data type: `Optional[String[1]]`
-
-HashiCorp vault approle secret id.
-
-Default value: `undef`
-
-##### <a name="-rundeck--vault_keystorage_approle_authmount"></a>`vault_keystorage_approle_authmount`
-
-Data type: `Optional[String[1]]`
-
-HashiCorp vault auth sys mount.
-
-Default value: `undef`
-
-##### <a name="-rundeck--vault_keystorage_authbackend"></a>`vault_keystorage_authbackend`
-
-Data type: `Optional[String[1]]`
-
-HashiCorp vault authentication backend.
-
-Default value: `undef`
-
 ##### <a name="-rundeck--log_properties_template"></a>`log_properties_template`
 
 Data type: `String`

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -38,24 +38,12 @@
 #   A hash of mappings between Kerberos domain DNS names and realm names
 # @param key_password
 #   The default key password.
-# @param key_storage_type
-#   Type used to store secrets. Must be 'file', 'db' or 'vault'
+# @param key_storage_config
+#   An array with hashes of properties for customizing the [Rundeck Key Storage](https://docs.rundeck.com/docs/manual/key-storage/key-storage.html)
 # @param keystore
 #   Full path to the java keystore to be used by Rundeck.
 # @param keystore_password
 #   The password for the given keystore.
-# @param vault_keystorage_url
-#   A url to a HashiCorp vault instance.
-# @param vault_keystorage_prefix
-#   HashiCorp vault kv path prefix.
-# @param vault_keystorage_approle_approleid
-#   HashiCorp vault approle role id.
-# @param vault_keystorage_approle_secretid
-#   HashiCorp vault approle secret id.
-# @param vault_keystorage_approle_authmount
-#   HashiCorp vault auth sys mount.
-# @param vault_keystorage_authbackend
-#   HashiCorp vault authentication backend.
 # @param log_properties_template
 #   The template used for log properties. Default is rundeck/log4j.properties.erb.
 # @param mail_config
@@ -186,15 +174,9 @@
   String                              $jvm_args                           = $rundeck::params::jvm_args,
   Hash                                $kerberos_realms                    = $rundeck::params::kerberos_realms,
   String                              $key_password                       = $rundeck::params::key_password,
-  Enum['db', 'file', 'vault']         $key_storage_type                   = $rundeck::params::key_storage_type,
+  Array[Hash]                         $key_storage_config                 = $rundeck::params::key_storage_config,
   Stdlib::Absolutepath                $keystore                           = $rundeck::params::keystore,
   String                              $keystore_password                  = $rundeck::params::keystore_password,
-  Optional[Stdlib::HTTPSUrl]          $vault_keystorage_url               = undef,
-  Optional[String[1]]                 $vault_keystorage_prefix            = undef,
-  Optional[String[1]]                 $vault_keystorage_approle_approleid = undef,
-  Optional[String[1]]                 $vault_keystorage_approle_secretid  = undef,
-  Optional[String[1]]                 $vault_keystorage_approle_authmount = undef,
-  Optional[String[1]]                 $vault_keystorage_authbackend       = undef,
   String                              $log_properties_template            = $rundeck::params::log_properties_template,
   Hash                                $mail_config                        = $rundeck::params::mail_config,
   Boolean                             $sshkey_manage                      = $rundeck::params::sshkey_manage,