- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter

and AWS Policy based authentication type Resolves: RHEL-16247
2023-11-17 15:54:49 +01:00 · 2023-11-17 15:54:49 +01:00 · 3796ee66ad
parent 8008f500d0
commit 3796ee66ad
2 changed files with 47 additions and 26 deletions
--- a/RHEL-16247-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch
+++ b/RHEL-16247-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch
@ -1,18 +1,18 @@
-From a1177407608887970cafbfe7ad9bf97570c739dd Mon Sep 17 00:00:00 2001
+From f45f76600a7e02c860566db7d1350dc3b09449c2 Mon Sep 17 00:00:00 2001
 From: Oyvind Albrigtsen <oalbrigt@redhat.com>
 Date: Mon, 6 Nov 2023 15:49:44 +0100
 Subject: [PATCH] aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
 parameter and AWS Policy based authentication type

 ---
- heartbeat/aws-vpc-move-ip    | 40 ++++++++++++++++++----
- heartbeat/aws-vpc-route53.in | 44 +++++++++++++++++++-----
- heartbeat/awseip             | 65 +++++++++++++++++++++++++++---------
- heartbeat/awsvip             | 59 +++++++++++++++++++++++++-------
- 4 files changed, 166 insertions(+), 42 deletions(-)
+ heartbeat/aws-vpc-move-ip    | 43 +++++++++++++++++++----
+ heartbeat/aws-vpc-route53.in | 47 ++++++++++++++++++++-----
+ heartbeat/awseip             | 68 +++++++++++++++++++++++++++---------
+ heartbeat/awsvip             | 60 ++++++++++++++++++++++++-------
+ 4 files changed, 173 insertions(+), 45 deletions(-)

 diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
-index dee040300f..3fa93cd4af 100755
+index dee040300f..54806f6eaa 100755
 --- a/heartbeat/aws-vpc-move-ip
 +++ b/heartbeat/aws-vpc-move-ip
@@ -36,6 +36,7 @@
@ -76,7 +76,12 @@ index dee040300f..3fa93cd4af 100755
 	export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')"
 	export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')"
 	export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')"
-@@ -224,7 +237,7 @@ ec2ip_validate() {
+@@ -220,11 +233,11 @@ ec2ip_set_address_param_compat(){
+ }
+ 
+ ec2ip_validate() {
+-	for cmd in $OCF_RESKEY_awscli ip curl; do
+	for cmd in "$OCF_RESKEY_awscli" ip curl; do
 		check_binary "$cmd"
 	done
 
@ -103,12 +108,13 @@ index dee040300f..3fa93cd4af 100755
 			ocf_log debug "executing command: $cmd"
 			$cmd
 		else
-@@ -475,6 +488,21 @@ if ! ocf_is_root; then
+@@ -475,6 +488,22 @@ if ! ocf_is_root; then
 	exit $OCF_ERR_PERM
 fi
 
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
 +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
-+	AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
+	AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
 +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
 +	if [ -z "${OCF_RESKEY_region}" ]; then
 +		ocf_exit_reason "region needs to be set when using role-based authentication"
@ -126,7 +132,7 @@ index dee040300f..3fa93cd4af 100755
 
 ec2ip_validate
 diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
-index 22cbb35833..911f15f59f 100644
+index 22cbb35833..18ab157e8a 100644
 --- a/heartbeat/aws-vpc-route53.in
 +++ b/heartbeat/aws-vpc-route53.in
@@ -46,24 +46,22 @@
@ -174,6 +180,15 @@ index 22cbb35833..911f15f59f 100644
 <parameter name="profile">
 <longdesc lang="en">
 The name of the AWS CLI profile of the root account. This
+@@ -196,7 +203,7 @@ r53_validate() {
+ 
+ 	# Check for required binaries
+ 	ocf_log debug "Checking for required binaries"
+-	for command in curl dig; do
+	for command in "${OCF_RESKEY_awscli}" curl dig; do
+ 		check_binary "$command"
+ 	done
+ 
@@ -216,7 +223,10 @@ r53_validate() {
 	esac
 
@ -194,14 +209,15 @@ index 22cbb35833..911f15f59f 100644
 case $__OCF_ACTION in
 	usage|help)
 		usage
-@@ -427,6 +436,25 @@ case $__OCF_ACTION in
+@@ -427,6 +436,26 @@ case $__OCF_ACTION in
 		metadata
 		exit $OCF_SUCCESS
 		;;
 +esac
 +
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
 +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
-+	AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
+	AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
 +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
 +	if [ -z "${OCF_RESKEY_region}" ]; then
 +		ocf_exit_reason "region needs to be set when using role-based authentication"
@ -221,7 +237,7 @@ index 22cbb35833..911f15f59f 100644
 		r53_validate || exit $?
 		r53_start
 diff --git a/heartbeat/awseip b/heartbeat/awseip
-index dc48460c85..f93b5a3434 100755
+index dc48460c85..49b0ca6155 100755
 --- a/heartbeat/awseip
 +++ b/heartbeat/awseip
@@ -23,7 +23,8 @@
@ -335,16 +351,19 @@ index dc48460c85..f93b5a3434 100755
     RET=$?
 
     if [ $RET -ne 0 ]; then
-@@ -220,7 +240,7 @@ awseip_monitor() {
+@@ -218,9 +238,9 @@ awseip_monitor() {
+ }
+ 
 awseip_validate() {
-     check_binary ${AWSCLI}
+-    check_binary ${AWSCLI}
+    check_binary "${OCF_RESKEY_awscli}"
 
 -    if [ -z "$OCF_RESKEY_profile" ]; then
 +    if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
         ocf_exit_reason "profile parameter not set"
         return $OCF_ERR_CONFIGURED
     fi
-@@ -238,9 +258,26 @@ case $__OCF_ACTION in
+@@ -238,9 +258,27 @@ case $__OCF_ACTION in
         meta_data
         exit $OCF_SUCCESS
         ;;
@ -356,8 +375,9 @@ index dc48460c85..f93b5a3434 100755
 +esac
 
 -AWSCLI="${OCF_RESKEY_awscli}"
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
 +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
-+	AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
+	AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
 +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
 +	if [ -z "${OCF_RESKEY_region}" ]; then
 +		ocf_exit_reason "region needs to be set when using role-based authentication"
@ -373,7 +393,7 @@ index dc48460c85..f93b5a3434 100755
 ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
 ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
 PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
-@@ -272,10 +309,6 @@ case $__OCF_ACTION in
+@@ -272,10 +310,6 @@ case $__OCF_ACTION in
     validate|validate-all)
         awseip_validate
         ;;
@ -385,7 +405,7 @@ index dc48460c85..f93b5a3434 100755
         awseip_usage
         exit $OCF_ERR_UNIMPLEMENTED
 diff --git a/heartbeat/awsvip b/heartbeat/awsvip
-index 037278e296..7e6cc23d64 100755
+index 037278e296..bdb4d68dd0 100755
 --- a/heartbeat/awsvip
 +++ b/heartbeat/awsvip
@@ -23,7 +23,8 @@
@ -486,14 +506,14 @@ index 037278e296..7e6cc23d64 100755
 
 awsvip_validate() {
 -    check_binary ${AWSCLI}
-+    check_binary ${OCF_RESKEY_awscli}
+    check_binary "${OCF_RESKEY_awscli}"
 
 -    if [ -z "$OCF_RESKEY_profile" ]; then
 +    if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
         ocf_exit_reason "profile parameter not set"
         return $OCF_ERR_CONFIGURED
     fi
-@@ -202,9 +224,26 @@ case $__OCF_ACTION in
+@@ -202,9 +224,27 @@ case $__OCF_ACTION in
         meta_data
         exit $OCF_SUCCESS
         ;;
@ -504,8 +524,9 @@ index 037278e296..7e6cc23d64 100755
 esac
 
 -AWSCLI="${OCF_RESKEY_awscli}"
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
 +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
-+	AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
+	AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
 +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
 +	if [ -z "${OCF_RESKEY_region}" ]; then
 +		ocf_exit_reason "region needs to be set when using role-based authentication"
@ -521,7 +542,7 @@ index 037278e296..7e6cc23d64 100755
 SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
 TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
 INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
-@@ -236,10 +275,6 @@ case $__OCF_ACTION in
+@@ -236,10 +276,6 @@ case $__OCF_ACTION in
     validate|validate-all)
         awsvip_validate
         ;;
--- a/resource-agents.spec
+++ b/resource-agents.spec
@ -45,7 +45,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	4.10.0
-Release:	48%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
+Release:	49%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
 License:	GPLv2+ and LGPLv2+
 URL:		https://github.com/ClusterLabs/resource-agents
 Source0:	%{upstream_prefix}-%{upstream_version}.tar.gz
@ -627,7 +627,7 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm

 %changelog
-* Tue Nov 14 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-48
+* Fri Nov 17 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-49
 - aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter
  and AWS Policy based authentication type