- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter
and AWS Policy based authentication type Resolves: RHEL-16248
parent
78cdd8146e
commit
f772802d72
@ -1,18 +1,18 @@
|
|||||||
From a1177407608887970cafbfe7ad9bf97570c739dd Mon Sep 17 00:00:00 2001
|
From f45f76600a7e02c860566db7d1350dc3b09449c2 Mon Sep 17 00:00:00 2001
|
||||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||||
Date: Mon, 6 Nov 2023 15:49:44 +0100
|
Date: Mon, 6 Nov 2023 15:49:44 +0100
|
||||||
Subject: [PATCH] aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
|
Subject: [PATCH] aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
|
||||||
parameter and AWS Policy based authentication type
|
parameter and AWS Policy based authentication type
|
||||||
|
|
||||||
---
|
---
|
||||||
heartbeat/aws-vpc-move-ip | 40 ++++++++++++++++++----
|
heartbeat/aws-vpc-move-ip | 43 +++++++++++++++++++----
|
||||||
heartbeat/aws-vpc-route53.in | 44 +++++++++++++++++++-----
|
heartbeat/aws-vpc-route53.in | 47 ++++++++++++++++++++-----
|
||||||
heartbeat/awseip | 65 +++++++++++++++++++++++++++---------
|
heartbeat/awseip | 68 +++++++++++++++++++++++++++---------
|
||||||
heartbeat/awsvip | 59 +++++++++++++++++++++++++-------
|
heartbeat/awsvip | 60 ++++++++++++++++++++++++-------
|
||||||
4 files changed, 166 insertions(+), 42 deletions(-)
|
4 files changed, 173 insertions(+), 45 deletions(-)
|
||||||
|
|
||||||
diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
|
diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
|
||||||
index dee040300f..3fa93cd4af 100755
|
index dee040300f..54806f6eaa 100755
|
||||||
--- a/heartbeat/aws-vpc-move-ip
|
--- a/heartbeat/aws-vpc-move-ip
|
||||||
+++ b/heartbeat/aws-vpc-move-ip
|
+++ b/heartbeat/aws-vpc-move-ip
|
||||||
@@ -36,6 +36,7 @@
|
@@ -36,6 +36,7 @@
|
||||||
@ -76,7 +76,12 @@ index dee040300f..3fa93cd4af 100755
|
|||||||
export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')"
|
export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')"
|
||||||
export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')"
|
export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')"
|
||||||
export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')"
|
export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')"
|
||||||
@@ -224,7 +237,7 @@ ec2ip_validate() {
|
@@ -220,11 +233,11 @@ ec2ip_set_address_param_compat(){
|
||||||
|
}
|
||||||
|
|
||||||
|
ec2ip_validate() {
|
||||||
|
- for cmd in $OCF_RESKEY_awscli ip curl; do
|
||||||
|
+ for cmd in "$OCF_RESKEY_awscli" ip curl; do
|
||||||
check_binary "$cmd"
|
check_binary "$cmd"
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -103,12 +108,13 @@ index dee040300f..3fa93cd4af 100755
|
|||||||
ocf_log debug "executing command: $cmd"
|
ocf_log debug "executing command: $cmd"
|
||||||
$cmd
|
$cmd
|
||||||
else
|
else
|
||||||
@@ -475,6 +488,21 @@ if ! ocf_is_root; then
|
@@ -475,6 +488,22 @@ if ! ocf_is_root; then
|
||||||
exit $OCF_ERR_PERM
|
exit $OCF_ERR_PERM
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||||
+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
|
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||||
@ -126,7 +132,7 @@ index dee040300f..3fa93cd4af 100755
|
|||||||
|
|
||||||
ec2ip_validate
|
ec2ip_validate
|
||||||
diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
|
diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
|
||||||
index 22cbb35833..911f15f59f 100644
|
index 22cbb35833..18ab157e8a 100644
|
||||||
--- a/heartbeat/aws-vpc-route53.in
|
--- a/heartbeat/aws-vpc-route53.in
|
||||||
+++ b/heartbeat/aws-vpc-route53.in
|
+++ b/heartbeat/aws-vpc-route53.in
|
||||||
@@ -46,24 +46,22 @@
|
@@ -46,24 +46,22 @@
|
||||||
@ -174,6 +180,15 @@ index 22cbb35833..911f15f59f 100644
|
|||||||
<parameter name="profile">
|
<parameter name="profile">
|
||||||
<longdesc lang="en">
|
<longdesc lang="en">
|
||||||
The name of the AWS CLI profile of the root account. This
|
The name of the AWS CLI profile of the root account. This
|
||||||
|
@@ -196,7 +203,7 @@ r53_validate() {
|
||||||
|
|
||||||
|
# Check for required binaries
|
||||||
|
ocf_log debug "Checking for required binaries"
|
||||||
|
- for command in curl dig; do
|
||||||
|
+ for command in "${OCF_RESKEY_awscli}" curl dig; do
|
||||||
|
check_binary "$command"
|
||||||
|
done
|
||||||
|
|
||||||
@@ -216,7 +223,10 @@ r53_validate() {
|
@@ -216,7 +223,10 @@ r53_validate() {
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -194,14 +209,15 @@ index 22cbb35833..911f15f59f 100644
|
|||||||
case $__OCF_ACTION in
|
case $__OCF_ACTION in
|
||||||
usage|help)
|
usage|help)
|
||||||
usage
|
usage
|
||||||
@@ -427,6 +436,25 @@ case $__OCF_ACTION in
|
@@ -427,6 +436,26 @@ case $__OCF_ACTION in
|
||||||
metadata
|
metadata
|
||||||
exit $OCF_SUCCESS
|
exit $OCF_SUCCESS
|
||||||
;;
|
;;
|
||||||
+esac
|
+esac
|
||||||
+
|
+
|
||||||
|
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||||
+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
|
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||||
@ -221,7 +237,7 @@ index 22cbb35833..911f15f59f 100644
|
|||||||
r53_validate || exit $?
|
r53_validate || exit $?
|
||||||
r53_start
|
r53_start
|
||||||
diff --git a/heartbeat/awseip b/heartbeat/awseip
|
diff --git a/heartbeat/awseip b/heartbeat/awseip
|
||||||
index dc48460c85..f93b5a3434 100755
|
index dc48460c85..49b0ca6155 100755
|
||||||
--- a/heartbeat/awseip
|
--- a/heartbeat/awseip
|
||||||
+++ b/heartbeat/awseip
|
+++ b/heartbeat/awseip
|
||||||
@@ -23,7 +23,8 @@
|
@@ -23,7 +23,8 @@
|
||||||
@ -335,16 +351,19 @@ index dc48460c85..f93b5a3434 100755
|
|||||||
RET=$?
|
RET=$?
|
||||||
|
|
||||||
if [ $RET -ne 0 ]; then
|
if [ $RET -ne 0 ]; then
|
||||||
@@ -220,7 +240,7 @@ awseip_monitor() {
|
@@ -218,9 +238,9 @@ awseip_monitor() {
|
||||||
|
}
|
||||||
|
|
||||||
awseip_validate() {
|
awseip_validate() {
|
||||||
check_binary ${AWSCLI}
|
- check_binary ${AWSCLI}
|
||||||
|
+ check_binary "${OCF_RESKEY_awscli}"
|
||||||
|
|
||||||
- if [ -z "$OCF_RESKEY_profile" ]; then
|
- if [ -z "$OCF_RESKEY_profile" ]; then
|
||||||
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
||||||
ocf_exit_reason "profile parameter not set"
|
ocf_exit_reason "profile parameter not set"
|
||||||
return $OCF_ERR_CONFIGURED
|
return $OCF_ERR_CONFIGURED
|
||||||
fi
|
fi
|
||||||
@@ -238,9 +258,26 @@ case $__OCF_ACTION in
|
@@ -238,9 +258,27 @@ case $__OCF_ACTION in
|
||||||
meta_data
|
meta_data
|
||||||
exit $OCF_SUCCESS
|
exit $OCF_SUCCESS
|
||||||
;;
|
;;
|
||||||
@ -356,8 +375,9 @@ index dc48460c85..f93b5a3434 100755
|
|||||||
+esac
|
+esac
|
||||||
|
|
||||||
-AWSCLI="${OCF_RESKEY_awscli}"
|
-AWSCLI="${OCF_RESKEY_awscli}"
|
||||||
|
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||||
+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
|
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||||
@ -373,7 +393,7 @@ index dc48460c85..f93b5a3434 100755
|
|||||||
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
|
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
|
||||||
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
|
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
|
||||||
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
|
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
|
||||||
@@ -272,10 +309,6 @@ case $__OCF_ACTION in
|
@@ -272,10 +310,6 @@ case $__OCF_ACTION in
|
||||||
validate|validate-all)
|
validate|validate-all)
|
||||||
awseip_validate
|
awseip_validate
|
||||||
;;
|
;;
|
||||||
@ -385,7 +405,7 @@ index dc48460c85..f93b5a3434 100755
|
|||||||
awseip_usage
|
awseip_usage
|
||||||
exit $OCF_ERR_UNIMPLEMENTED
|
exit $OCF_ERR_UNIMPLEMENTED
|
||||||
diff --git a/heartbeat/awsvip b/heartbeat/awsvip
|
diff --git a/heartbeat/awsvip b/heartbeat/awsvip
|
||||||
index 037278e296..7e6cc23d64 100755
|
index 037278e296..bdb4d68dd0 100755
|
||||||
--- a/heartbeat/awsvip
|
--- a/heartbeat/awsvip
|
||||||
+++ b/heartbeat/awsvip
|
+++ b/heartbeat/awsvip
|
||||||
@@ -23,7 +23,8 @@
|
@@ -23,7 +23,8 @@
|
||||||
@ -486,14 +506,14 @@ index 037278e296..7e6cc23d64 100755
|
|||||||
|
|
||||||
awsvip_validate() {
|
awsvip_validate() {
|
||||||
- check_binary ${AWSCLI}
|
- check_binary ${AWSCLI}
|
||||||
+ check_binary ${OCF_RESKEY_awscli}
|
+ check_binary "${OCF_RESKEY_awscli}"
|
||||||
|
|
||||||
- if [ -z "$OCF_RESKEY_profile" ]; then
|
- if [ -z "$OCF_RESKEY_profile" ]; then
|
||||||
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
||||||
ocf_exit_reason "profile parameter not set"
|
ocf_exit_reason "profile parameter not set"
|
||||||
return $OCF_ERR_CONFIGURED
|
return $OCF_ERR_CONFIGURED
|
||||||
fi
|
fi
|
||||||
@@ -202,9 +224,26 @@ case $__OCF_ACTION in
|
@@ -202,9 +224,27 @@ case $__OCF_ACTION in
|
||||||
meta_data
|
meta_data
|
||||||
exit $OCF_SUCCESS
|
exit $OCF_SUCCESS
|
||||||
;;
|
;;
|
||||||
@ -504,8 +524,9 @@ index 037278e296..7e6cc23d64 100755
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
-AWSCLI="${OCF_RESKEY_awscli}"
|
-AWSCLI="${OCF_RESKEY_awscli}"
|
||||||
|
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||||
+ AWSCLI_CMD="${OCF_RESKEY_awscli} --profile ${OCF_RESKEY_profile}"
|
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||||
@ -521,7 +542,7 @@ index 037278e296..7e6cc23d64 100755
|
|||||||
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
|
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
|
||||||
TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||||
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||||
@@ -236,10 +275,6 @@ case $__OCF_ACTION in
|
@@ -236,10 +276,6 @@ case $__OCF_ACTION in
|
||||||
validate|validate-all)
|
validate|validate-all)
|
||||||
awsvip_validate
|
awsvip_validate
|
||||||
;;
|
;;
|
||||||
|
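Review bot: In all four agents the new `AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"` builds the CLI invocation as one flat string, and the aws-vpc-move-ip context lines show command strings being run through an unquoted `$cmd`. If `AWSCLI_CMD` is expanded the same way, a profile value containing whitespace or glob characters would be word-split into extra aws arguments, in an agent that insists on running as root (`ocf_is_root`). This revision quotes `"${OCF_RESKEY_awscli}"` for `check_binary`, but the same value is then concatenated into the string, so a path with spaces would presumably pass validation and still break at execution. I would reject such values before appending, e.g. `case "${OCF_RESKEY_profile}" in *[[:space:]]*|*[\*\?\[]*) ocf_exit_reason "profile must not contain whitespace or glob characters"; exit $OCF_ERR_CONFIGURED ;; esac`. The visible aws-vpc-move-ip and aws-vpc-route53 lines also show no empty-profile check for `auth_type=key` like the one in `awseip_validate` and `awsvip_validate`; the if/elif chain and the validate functions continue outside the displayed hunks, so that check and an else branch for unknown `auth_type` values may exist out of view.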
@ -69,7 +69,7 @@
|
|||||||
Name: resource-agents
|
Name: resource-agents
|
||||||
Summary: Open Source HA Reusable Cluster Resource Scripts
|
Summary: Open Source HA Reusable Cluster Resource Scripts
|
||||||
Version: 4.9.0
|
Version: 4.9.0
|
||||||
Release: 50%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
|
Release: 51%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
|
||||||
License: GPLv2+ and LGPLv2+
|
License: GPLv2+ and LGPLv2+
|
||||||
URL: https://github.com/ClusterLabs/resource-agents
|
URL: https://github.com/ClusterLabs/resource-agents
|
||||||
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
|
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
|
||||||
@ -972,7 +972,7 @@ ccs_update_schema > /dev/null 2>&1 ||:
|
|||||||
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
|
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Nov 14 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-50
|
* Fri Nov 17 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-51
|
||||||
- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter
|
- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter
|
||||||
and AWS Policy based authentication type
|
and AWS Policy based authentication type
|
||||||
|
|
||||||
|