On 6 May 2016 at 12:19, Alexander Dacre <a...@alexdacre.co.uk> wrote: > I'm looking to build my first module with custom types and providers, but I > have some questions that I've been unable to find answers to. > > Lets say I have an application with a REST API that allows the creation of > widgets. My custom type and provider would define what the widget looks like > and contain code on how to create/delete etc. The problem is that the REST > API is authenticated with basic auth over HTTPS. Now, my question: what is > the general best practice for taking these credentials? Class parameters? On > a type instance basis? >
I have a few examples of this. I think my first recommendation would be to reuse a existing method of providing the authentication details if one exists for the API in question. So for instance: https://github.com/garethr/garethr-kubernetes https://github.com/puppetlabs/puppetlabs-aws The Kubernetes module includes code to parse a standard kubernetes.conf file. The AWS module loads config from environment variables or from a config file (or just uses IAM so no config internal required), as is standard for all the official AWS tools. The Azure module does similar, but implements the logic itself which might be of use. https://github.com/puppetlabs/puppetlabs-azure/blob/master/lib/puppet_x/puppetlabs/azure/config.rb Personally I don't think of authentication details as a property of the type, more a property of the host. By decoupling the two you open up options for dealing with those secrets how ever the end consumer wants, ie. use keywhiz or vault or conjur, file permissions, manage with Puppet resource, auditd rules, etc. All without requiring direct Puppet integration. Gareth > Thanks, > A > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/9b21c33e-e442-4890-91f3-b15baf47acec%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Gareth Rushgrove @garethr devopsweekly.com morethanseven.net garethrushgrove.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAFi_6yL7JSCBsxLjSCejZi5eBYqHT7b-k-XXGj3prk6iFxPD9w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
