Overview

File crm_lrmsecrets_3a81b7eae666.patch of Package pacemaker

# HG changeset patch
# User Dejan Muhamedagic <dejan@hello-penguin.com>
# Date 1313760016 -7200
# Node ID 3a81b7eae66672dd9873fe6b53ee3c0da6fc87d7
# Parent  e8ea8fb95f310997995576ee831693b0d3b2736a
Medium: Shell: support for LRM secrets in resource level

diff --git a/doc/crm.8.txt b/doc/crm.8.txt
--- a/doc/crm.8.txt
+++ b/doc/crm.8.txt
@@ -869,6 +869,34 @@ Example:
         param ip_0 show ip
 ...............
 
+[[cmdhelp_resource_secret,manage sensitive parameters]]
+==== `secret`
+
+Sensitive parameters can be kept in local files rather than CIB
+in order to prevent accidental data exposure. Use the `secret`
+command to manage such parameters. `stash` and `unstash` move the
+value from the CIB and back to the CIB respectively. The `set`
+subcommand sets the parameter to the provided value. `delete`
+removes the parameter completely. `show` displays the value of
+the parameter from the local file. Use `check` to verify if the
+local file content is valid.
+
+Usage:
+...............
+        secret <rsc> set <param> <value>
+        secret <rsc> stash <param>
+        secret <rsc> unstash <param>
+        secret <rsc> delete <param>
+        secret <rsc> show <param>
+        secret <rsc> check <param>
+...............
+Example:
+...............
+        secret fence_1 show password
+        secret fence_1 stash password
+        secret fence_1 set password secret_value
+...............
+
 [[cmdhelp_resource_meta,manage a meta attribute]]
 ==== `meta`
 
diff --git a/shell/modules/ui.py.in b/shell/modules/ui.py.in
--- a/shell/modules/ui.py.in
+++ b/shell/modules/ui.py.in
@@ -661,7 +661,8 @@ def manage_attr(cmd,attr_ext_commands,*a
         else:
             bad_usage(cmd,' '.join(args))
             return False
-    elif args[1] in ('delete','show'):
+    elif args[1] in ('delete','show') or \
+            (cmd == "secret" and args[1] in ('stash','unstash','check')):
         if len(args) == 3:
             if not is_name_sane(args[0]) \
                     or not is_name_sane(args[2]):
@@ -770,6 +771,14 @@ program.
         'delete': "crm_resource -z -r '%s' -d '%s'",
         'show': "crm_resource -z -r '%s' -g '%s'",
     }
+    rsc_secret =  {
+        'set': "cibsecret set '%s' '%s' '%s'",
+        'stash': "cibsecret stash '%s' '%s'",
+        'unstash': "cibsecret unstash '%s' '%s'",
+        'delete': "cibsecret delete '%s' '%s'",
+        'show': "cibsecret get '%s' '%s'",
+        'check': "cibsecret check '%s' '%s'",
+    }
     rsc_refresh = "crm_resource -R"
     rsc_refresh_node = "crm_resource -R -H '%s'"
     rsc_reprobe = "crm_resource -P"
@@ -787,6 +796,7 @@ program.
         self.cmd_table["migrate"] = (self.migrate,(1,4),0,1)
         self.cmd_table["unmigrate"] = (self.unmigrate,(1,1),0,1)
         self.cmd_table["param"] = (self.param,(3,4),1,1)
+        self.cmd_table["secret"] = (self.secret,(3,4),1,1)
         self.cmd_table["meta"] = (self.meta,(3,4),1,1)
         self.cmd_table["utilization"] = (self.utilization,(3,4),1,1)
         self.cmd_table["failcount"] = (self.failcount,(3,4),0,0)
@@ -924,6 +934,16 @@ program.
         param <rsc> show <param>"""
         d = lambda: manage_attr(cmd,self.rsc_param,*args)
         return d()
+    def secret(self,cmd,*args):
+        """usage:
+        secret <rsc> set <param> <value>
+        secret <rsc> stash <param>
+        secret <rsc> unstash <param>
+        secret <rsc> delete <param>
+        secret <rsc> show <param>
+        secret <rsc> check <param>"""
+        d = lambda: manage_attr(cmd,self.rsc_secret,*args)
+        return d()
     def meta(self,cmd,*args):
         """usage:
         meta <rsc> set <attr> <value>
openSUSE Build Service is sponsored by
Places