Adding an option to disable creating keys when enabling hiera-eyaml and #42
Conversation
|
+1, would help us in ops because without this flexibility managing keys from outside the module is much more awkward; we end up with a conflicting file resource. |
| file { "${confdir}/keys/private_key.pkcs7.pem": | ||
| ensure => file, | ||
| mode => '0600', | ||
| require => Exec['createkeys'], |
There was a problem hiding this comment.
This dependency will fail if create_keys => false, manage_keys => true
Is that even a valid use case, though?
There was a problem hiding this comment.
Probably not. I will update it.
mattkirby
force-pushed
the
kirby_flexible_keys
branch
from
bb749e5 to
faaf2b4
Compare
|
I have removed the manage_keys option since it didn't make sense and instead manage the file resource if the keys are created. The create_keys option has been documented. I've also updated the commit message to be more descriptive. |
| @@ -34,4 +34,6 @@ | |||
| $backends = ['yaml'] | |||
| $logger = 'console' | |||
| $eyaml_extension = undef | |||
| $create_keys = true | |||
| $manage_keys = true | |||
There was a problem hiding this comment.
Could you remove this line also, now that it's not used?
There was a problem hiding this comment.
Yes. I have removed it now.
Without this change hiera-eyaml generates pkcs7 keys automatically if the eyaml backend is enabled. This adds a parameter called create_keys to allow disabling key creation. The parameter defaults to true, so the current module behavior is preserved. If set to false you are able to manage the keys outside of this module. Adding a default owner and group for file resources in eyaml.pp to reduce duplication.
mattkirby
force-pushed
the
kirby_flexible_keys
branch
from
faaf2b4 to
1e9e049
Compare
Adding an option to disable creating keys when enabling hiera-eyaml and
managing the keys files. Adding a default owner and group for file
resources in eyaml.pp to reduce duplication.