pacemaker/crm_lrmsecrets_3a81b7eae666.patch

# HG changeset patch
# User Dejan Muhamedagic <dejan@hello-penguin.com>
# Date 1313760016 -7200
# Node ID 3a81b7eae66672dd9873fe6b53ee3c0da6fc87d7
# Parent  e8ea8fb95f310997995576ee831693b0d3b2736a
Medium: Shell: support for LRM secrets in resource level

diff --git a/doc/crm.8.txt b/doc/crm.8.txt
--- a/doc/crm.8.txt
+++ b/doc/crm.8.txt
@@ -869,6 +869,34 @@ Example:
         param ip_0 show ip
 ...............
 
+[[cmdhelp_resource_secret,manage sensitive parameters]]
+==== `secret`
+
+Sensitive parameters can be kept in local files rather than CIB
+in order to prevent accidental data exposure. Use the `secret`
+command to manage such parameters. `stash` and `unstash` move the
+value from the CIB and back to the CIB respectively. The `set`
+subcommand sets the parameter to the provided value. `delete`
+removes the parameter completely. `show` displays the value of
+the parameter from the local file. Use `check` to verify if the
+local file content is valid.
+
+Usage:
+...............
+        secret <rsc> set <param> <value>
+        secret <rsc> stash <param>
+        secret <rsc> unstash <param>
+        secret <rsc> delete <param>
+        secret <rsc> show <param>
+        secret <rsc> check <param>
+...............
+Example:
+...............
+        secret fence_1 show password
+        secret fence_1 stash password
+        secret fence_1 set password secret_value
+...............
+
 [[cmdhelp_resource_meta,manage a meta attribute]]
 ==== `meta`
 
diff --git a/shell/modules/ui.py.in b/shell/modules/ui.py.in
--- a/shell/modules/ui.py.in
+++ b/shell/modules/ui.py.in
@@ -661,7 +661,8 @@ def manage_attr(cmd,attr_ext_commands,*a
         else:
             bad_usage(cmd,' '.join(args))
             return False
-    elif args[1] in ('delete','show'):
+    elif args[1] in ('delete','show') or \
+            (cmd == "secret" and args[1] in ('stash','unstash','check')):
         if len(args) == 3:
             if not is_name_sane(args[0]) \
                     or not is_name_sane(args[2]):
@@ -770,6 +771,14 @@ program.
         'delete': "crm_resource -z -r '%s' -d '%s'",
         'show': "crm_resource -z -r '%s' -g '%s'",
     }
+    rsc_secret =  {
+        'set': "cibsecret set '%s' '%s' '%s'",
+        'stash': "cibsecret stash '%s' '%s'",
+        'unstash': "cibsecret unstash '%s' '%s'",
+        'delete': "cibsecret delete '%s' '%s'",
+        'show': "cibsecret get '%s' '%s'",
+        'check': "cibsecret check '%s' '%s'",
+    }
     rsc_refresh = "crm_resource -R"
     rsc_refresh_node = "crm_resource -R -H '%s'"
     rsc_reprobe = "crm_resource -P"
@@ -787,6 +796,7 @@ program.
         self.cmd_table["migrate"] = (self.migrate,(1,4),0,1)
         self.cmd_table["unmigrate"] = (self.unmigrate,(1,1),0,1)
         self.cmd_table["param"] = (self.param,(3,4),1,1)
+        self.cmd_table["secret"] = (self.secret,(3,4),1,1)
         self.cmd_table["meta"] = (self.meta,(3,4),1,1)
         self.cmd_table["utilization"] = (self.utilization,(3,4),1,1)
         self.cmd_table["failcount"] = (self.failcount,(3,4),0,0)
@@ -924,6 +934,16 @@ program.
         param <rsc> show <param>"""
         d = lambda: manage_attr(cmd,self.rsc_param,*args)
         return d()
+    def secret(self,cmd,*args):
+        """usage:
+        secret <rsc> set <param> <value>
+        secret <rsc> stash <param>
+        secret <rsc> unstash <param>
+        secret <rsc> delete <param>
+        secret <rsc> show <param>
+        secret <rsc> check <param>"""
+        d = lambda: manage_attr(cmd,self.rsc_secret,*args)
+        return d()
     def meta(self,cmd,*args):
         """usage:
         meta <rsc> set <attr> <value>
- Upgrade to 1.1.6. - PE: Demote from Master does not clear previous errors - crmd: Prevent secondary DC fencing resulting from CIB updates that are lost due to elections - crmd: Log duplicate DC detection as a WARNING not ERROR - crmd: Bug lf#2632 - Correctly handle nodes that return faster than stonith - Core: Treat GNUTLS_E_UNEXPECTED_PACKET_LENGTH as normal termination of a TLS session - cib: Call gnutls_bye() and shutdown() when disconnecting from remote TLS connections - cib: Remove disconnected remote connections from mainloop - cib: Attempt a graceful sign-off for remote TLS connections - Core: Ensure there is sufficient space for EOS when building short-form option strings (prevents segfault) - Core: Fix variable expansion in pkg-config files - PE: Resolve memory leak reported by valgrind - PE: Fix memory leak for re-allocated resources reported by valgrind - PE: Improve the merging with template's operations - crmd: Allow nodes to fence themselves if they're the last one standing (lf#2584) - stonith: Add an API call for listing installed agents - stonith: Allow the fencing history to be queried - stonith: Ensure completed operations are recorded as such in the history - stonith: Support --quiet to display just the seconds since epoch at which a node was last shot - stonith: Serialize actions for a given device - stonith: Add missing entries to stonith_error2string() (missing OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/pacemaker?expand=0&rev=18 2011-09-20 16:36:23 +02:00			`# HG changeset patch`
			`# User Dejan Muhamedagic <dejan@hello-penguin.com>`
			`# Date 1313760016 -7200`
			`# Node ID 3a81b7eae66672dd9873fe6b53ee3c0da6fc87d7`
			`# Parent e8ea8fb95f310997995576ee831693b0d3b2736a`
			`Medium: Shell: support for LRM secrets in resource level`

			`diff --git a/doc/crm.8.txt b/doc/crm.8.txt`
			`--- a/doc/crm.8.txt`
			`+++ b/doc/crm.8.txt`
			`@@ -869,6 +869,34 @@ Example:`
			`param ip_0 show ip`
			`...............`

			`+[[cmdhelp_resource_secret,manage sensitive parameters]]`
			+==== `secret`
			`+`
			`+Sensitive parameters can be kept in local files rather than CIB`
			+in order to prevent accidental data exposure. Use the `secret`
			+command to manage such parameters. `stash` and `unstash` move the
			+value from the CIB and back to the CIB respectively. The `set`
			+subcommand sets the parameter to the provided value. `delete`
			+removes the parameter completely. `show` displays the value of
			+the parameter from the local file. Use `check` to verify if the
			`+local file content is valid.`
			`+`
			`+Usage:`
			`+...............`
			`+ secret <rsc> set <param> <value>`
			`+ secret <rsc> stash <param>`
			`+ secret <rsc> unstash <param>`
			`+ secret <rsc> delete <param>`
			`+ secret <rsc> show <param>`
			`+ secret <rsc> check <param>`
			`+...............`
			`+Example:`
			`+...............`
			`+ secret fence_1 show password`
			`+ secret fence_1 stash password`
			`+ secret fence_1 set password secret_value`
			`+...............`
			`+`
			`[[cmdhelp_resource_meta,manage a meta attribute]]`
			==== `meta`

			`diff --git a/shell/modules/ui.py.in b/shell/modules/ui.py.in`
			`--- a/shell/modules/ui.py.in`
			`+++ b/shell/modules/ui.py.in`
			`@@ -661,7 +661,8 @@ def manage_attr(cmd,attr_ext_commands,*a`
			`else:`
			`bad_usage(cmd,' '.join(args))`
			`return False`
			`- elif args[1] in ('delete','show'):`
			`+ elif args[1] in ('delete','show') or \`
			`+ (cmd == "secret" and args[1] in ('stash','unstash','check')):`
			`if len(args) == 3:`
			`if not is_name_sane(args[0]) \`
			`or not is_name_sane(args[2]):`
			`@@ -770,6 +771,14 @@ program.`
			`'delete': "crm_resource -z -r '%s' -d '%s'",`
			`'show': "crm_resource -z -r '%s' -g '%s'",`
			`}`
			`+ rsc_secret = {`
			`+ 'set': "cibsecret set '%s' '%s' '%s'",`
			`+ 'stash': "cibsecret stash '%s' '%s'",`
			`+ 'unstash': "cibsecret unstash '%s' '%s'",`
			`+ 'delete': "cibsecret delete '%s' '%s'",`
			`+ 'show': "cibsecret get '%s' '%s'",`
			`+ 'check': "cibsecret check '%s' '%s'",`
			`+ }`
			`rsc_refresh = "crm_resource -R"`
			`rsc_refresh_node = "crm_resource -R -H '%s'"`
			`rsc_reprobe = "crm_resource -P"`
			`@@ -787,6 +796,7 @@ program.`
			`self.cmd_table["migrate"] = (self.migrate,(1,4),0,1)`
			`self.cmd_table["unmigrate"] = (self.unmigrate,(1,1),0,1)`
			`self.cmd_table["param"] = (self.param,(3,4),1,1)`
			`+ self.cmd_table["secret"] = (self.secret,(3,4),1,1)`
			`self.cmd_table["meta"] = (self.meta,(3,4),1,1)`
			`self.cmd_table["utilization"] = (self.utilization,(3,4),1,1)`
			`self.cmd_table["failcount"] = (self.failcount,(3,4),0,0)`
			`@@ -924,6 +934,16 @@ program.`
			`param <rsc> show <param>"""`
			`d = lambda: manage_attr(cmd,self.rsc_param,*args)`
			`return d()`
			`+ def secret(self,cmd,*args):`
			`+ """usage:`
			`+ secret <rsc> set <param> <value>`
			`+ secret <rsc> stash <param>`
			`+ secret <rsc> unstash <param>`
			`+ secret <rsc> delete <param>`
			`+ secret <rsc> show <param>`
			`+ secret <rsc> check <param>"""`
			`+ d = lambda: manage_attr(cmd,self.rsc_secret,*args)`
			`+ return d()`
			`def meta(self,cmd,*args):`
			`"""usage:`
			`meta <rsc> set <attr> <value>`