From 76152a161d1ad911bea9e57784b801b09d3a6872 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Str=C3=B6mb=C3=A4ck?= <filip.stromback@liu.se>
Date: Mon, 7 Dec 2020 11:31:12 +0100
Subject: [PATCH] Another attempt att loading data from Hiera.

---
 data/common.yaml  |  4 ++--
 manifests/auth.pp | 21 ++++++++++-----------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/data/common.yaml b/data/common.yaml
index 469ccaf..0a059a5 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,5 +1,5 @@
 version: 5
-aes::auth::keytab_production: >
+aes::keytab_production: >
   ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
   DQYJKoZIhvcNAQEBBQAEggEAfFSsoD6ALGcGIKtmxr/5DxCxmDUSAf2M/7dg
   krxqYfSLDUZ2z4hWCqWotA2urirssyEuf2kKnX2DpVxPN/N8Nzzt6IKwgk2Y
@@ -12,7 +12,7 @@ aes::auth::keytab_production: >
   KnKyBQOSoeXYCwc8Mx0OWxI0yFu4uvFYDAT1KqWFYbuF39/xwcAtdd7brWyR
   SQj5KZjJjZ6I7hGq]
 
-aes::auth::keytab_devel: >
+aes::keytab_devel: >
   ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
   DQYJKoZIhvcNAQEBBQAEggEAV6TzhtqZfmrgF+c/ExBVJIuKQqgGGoaA1gRL
   q4JFbg9iDV1PsocvOWk7SCfPL7HnnEwnqSNPHSGXpW6n8x+3jevGeutnCnxY
diff --git a/manifests/auth.pp b/manifests/auth.pp
index de117eb..ccd912f 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -1,7 +1,4 @@
-class aes::auth(
-  Optional[String] $keytab_production = undef,
-  Optional[String] $keytab_devel = undef,
-){
+class aes::auth {
 
   $auth_user = auth
   $auth_group = "${auth_user}"
@@ -12,9 +9,11 @@ class aes::auth(
   # $environment since the keys are tied to the domain name rather than what 
   # environment the machine is configured in.
   if $facts[fqdn] == 'aes.edu.liu.se' {
-    $keytab = $keytab_production
+    $auth_keytab_data = lookup("aes::keytab_production", undef, undef, "lookup failed")
   } elsif $facts[fqdn] == 'aes-devel.edu.liu.se' {
-    $keytab = $keytab_devel
+    $auth_keytab_data = lookup("aes::keytab_devel", undef, undef, "lookup failed")
+  } else {
+    $auth_keytab_data = "unknown domain"
   }
 
   # Note: We rely on Boost being installed by the broker. It seems Puppet does not like
@@ -93,11 +92,11 @@ class aes::auth(
   }
 
   file { "${auth_home}/keys/kerberos.keytab" :
-    ensure  => file,
-    owner   => root,
-    group   => "${auth_group}",
-    mode    => "0640",
-    content => "$keytab"
+    ensure => file,
+    owner  => root,
+    group  => "${auth_group}",
+    mode   => "0640",
+    content => "${auth_keytab_data}"
   }
 
   exec { 'update-auth-repo' :
-- 
GitLab