From 7756e6c9ae55fb979f19c8653dddea2620364f9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Str=C3=B6mb=C3=A4ck?= <filip.stromback@liu.se>
Date: Mon, 7 Dec 2020 13:41:46 +0100
Subject: [PATCH] Reverted to parameters in the auth manifest.

---
 data/common.yaml  |  4 ++--
 manifests/auth.pp | 25 +++++++++++++++----------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/data/common.yaml b/data/common.yaml
index cdef620..a1f3a0c 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,6 +1,6 @@
 ---
 version: 5
-aes::keytab_production: >
+aes::auth::keytab_production: >
   ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
   DQYJKoZIhvcNAQEBBQAEggEAfFSsoD6ALGcGIKtmxr/5DxCxmDUSAf2M/7dg
   krxqYfSLDUZ2z4hWCqWotA2urirssyEuf2kKnX2DpVxPN/N8Nzzt6IKwgk2Y
@@ -13,7 +13,7 @@ aes::keytab_production: >
   KnKyBQOSoeXYCwc8Mx0OWxI0yFu4uvFYDAT1KqWFYbuF39/xwcAtdd7brWyR
   SQj5KZjJjZ6I7hGq]
 
-aes::keytab_devel: >
+aes::auth::keytab_devel: >
   ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
   DQYJKoZIhvcNAQEBBQAEggEAV6TzhtqZfmrgF+c/ExBVJIuKQqgGGoaA1gRL
   q4JFbg9iDV1PsocvOWk7SCfPL7HnnEwnqSNPHSGXpW6n8x+3jevGeutnCnxY
diff --git a/manifests/auth.pp b/manifests/auth.pp
index ccd912f..31558d1 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -1,4 +1,7 @@
-class aes::auth {
+class aes::auth(
+  Optional[String] $keytab_production = undef,
+  Optional[String] $keytab_devel = undef
+){
 
   $auth_user = auth
   $auth_group = "${auth_user}"
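Review bot: The two new class parameters take the keytab as a plain `Optional[String]`, so the decrypted value is not redacted if it ever reaches logs or reports. Declaring them as `Optional[Sensitive[String]]`, with a `lookup_options` entry using `convert_to: 'Sensitive'` for the `aes::auth::keytab_*` keys, would keep the value wrapped from Hiera down to the resource. If that is done, the `content` attribute further down should receive the variable directly rather than through `"${auth_keytab_data}"`, because as far as I know interpolating a Sensitive yields only its redacted placeholder. The class body continues outside this hunk.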
@@ -9,11 +12,11 @@ class aes::auth {
   # $environment since the keys are tied to the domain name rather than what 
   # environment the machine is configured in.
   if $facts[fqdn] == 'aes.edu.liu.se' {
-    $auth_keytab_data = lookup("aes::keytab_production", undef, undef, "lookup failed")
+    $auth_keytab_data = $keytab_production
   } elsif $facts[fqdn] == 'aes-devel.edu.liu.se' {
-    $auth_keytab_data = lookup("aes::keytab_devel", undef, undef, "lookup failed")
+    $auth_keytab_data = $keytab_devel
   } else {
-    $auth_keytab_data = "unknown domain"
+    $auth_keytab_data = undef
   }
 
   # Note: We rely on Boost being installed by the broker. It seems Puppet does not like
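Review bot: Which keytab is placed in a node's catalog is decided by `$facts[fqdn]` in the two branches here, and facts are reported by the agent rather than verified by the server. For selecting a secret, a value taken from the node's certificate is the safer key, e.g. `if $trusted['certname'] == 'aes.edu.liu.se' {`, assuming the certnames in this deployment match the host names. If the fact is kept, a short comment stating that the comparison is not a trust boundary would help the next reader.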
@@ -91,12 +94,14 @@ class aes::auth {
     mode   => "0700"
   }
 
-  file { "${auth_home}/keys/kerberos.keytab" :
-    ensure => file,
-    owner  => root,
-    group  => "${auth_group}",
-    mode   => "0640",
-    content => "${auth_keytab_data}"
+  if $auth_keytab_data {
+    file { "${auth_home}/keys/kerberos.keytab" :
+      ensure => file,
+      owner  => root,
+      group  => "${auth_group}",
+      mode   => "0640",
+      content => "${auth_keytab_data}"
+    }
   }
 
   exec { 'update-auth-repo' :
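Review bot: With the new `if $auth_keytab_data` guard, the keytab resource is silently left out of the catalog whenever the value is undef, including on the two known hosts when their Hiera key is missing or cannot be decrypted. The run then succeeds, and whatever `kerberos.keytab` is already on disk (for instance one written earlier with the old `"unknown domain"` content) stays in place unmanaged. An `else` branch that reports the condition, e.g. `else { warning('aes::auth: no keytab data, kerberos.keytab left unmanaged') }`, or a `fail()` on the known hosts, would make that visible. The file resource could also set `show_diff => false` so a content change never prints keytab material.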
-- 
GitLab