50 lines
1.8 KiB
Puppet
50 lines
1.8 KiB
Puppet
# Copyright 2016 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: include_and_check_auth
|
|
#
|
|
# Include an OpenStack MySQL profile and configures it for alternative
|
|
# client authentication like e.g. ed25519
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*module*]
|
|
# (Optional) The puppet module to include
|
|
# Defaults to $title
|
|
#
|
|
# [*mysql_auth_ed25519*]
|
|
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
|
|
# a user when connecting to the server
|
|
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
|
|
#
|
|
define tripleo::profile::base::database::mysql::include_and_check_auth(
|
|
$module = $title,
|
|
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
|
|
) {
|
|
include $module
|
|
if ($mysql_auth_ed25519) {
|
|
# currently all openstack puppet modules create MySQL users
|
|
# by hashing their password for the default auth method.
|
|
# If ed25519 auth is enabled, we must hash the password
|
|
# differently; so do it with a collector until all
|
|
# openstack modules support ed25519 auth natively.
|
|
$stripped_module_name = regsubst($module,'^::','')
|
|
$password_key = "${stripped_module_name}::password"
|
|
Openstacklib::Db::Mysql<| tag == $stripped_module_name |> {
|
|
plugin => 'ed25519',
|
|
password_hash => mysql_ed25519_password(lookup($password_key))
|
|
}
|
|
}
|
|
}
|