From 94891c98ec129da077755f83d5219750f4f60ed1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Str=C3=B6mb=C3=A4ck?= <filip.stromback@liu.se>
Date: Mon, 21 Aug 2023 12:03:58 +0200
Subject: [PATCH] Migrated auth.pp to use 'vcsrepo'.

---
 files/auth/on_update.sh | 10 ---------
 manifests/aes_sw.pp     |  2 +-
 manifests/auth.pp       | 45 +++++++++++++++++++++++------------------
 3 files changed, 26 insertions(+), 31 deletions(-)

diff --git a/files/auth/on_update.sh b/files/auth/on_update.sh
index 7a13654..b347f4d 100644
--- a/files/auth/on_update.sh
+++ b/files/auth/on_update.sh
@@ -1,6 +1,5 @@
 #!/bin/bash
 
-run_as_broker=$(cat <<'EOF'
 cd
 # To make sure we have a decent GCC in our path.
 source /opt/rh/devtoolset-7/enable
@@ -17,12 +16,3 @@ cd
 mkdir -p bin/
 rm -f bin/auth
 cp src/auth/auth bin/
-EOF
-)
-
-# Compile as the auth user
-sudo --user auth --group auth --set-home -- bash -c "$run_as_broker"
-
-# Then, we can restart the services.
-systemctl restart aes_auth.service
-
diff --git a/manifests/aes_sw.pp b/manifests/aes_sw.pp
index 1177579..f3b109a 100644
--- a/manifests/aes_sw.pp
+++ b/manifests/aes_sw.pp
@@ -1,5 +1,5 @@
 # @summary
-#   Describe what this class do!
+#   Software for the AES system.
 #
 #   Detailed summary info if suitable
 #
diff --git a/manifests/auth.pp b/manifests/auth.pp
index 248720e..db0d9b8 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -1,24 +1,19 @@
 # @summary
-#   Describe what this class do!
+#   Authentication service for the communication module.
 #
-#   Detailed summary info if suitable
+#   Sets up the authentication service for the communication module in the
+#   new exam system. Connects to the broker to authenticate users.
 #
 #
 # @param keytab_production_base64
-#   Describe keytab_production_base64
+#   Keytab contents (in base64) for the Kerberos host key used to authenticate
+#   in the production environment (aes-devel.edu.liu.se).
 #
 # @param keytab_devel_base64
-#   Describe keytab_devel_base64
+#   Keytab contents (in base64) for the Kerberos host key used to authenticate
+#   in the development environment (aes-devel.edu.liu.se).
 #
 class aes::auth (
-  # Comment out old keytab params but
-  # keep temporay for comparison
-  #
-  # # Existing keytabs
-  # Optional[String] $keytab_production = undef,
-  # Optional[String] $keytab_devel = undef
-  #
-  # new base64+pkcs7 keytabs
   Optional[String] $keytab_production_base64 = undef,
   Optional[String] $keytab_devel_base64 = undef
 ) {
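Review bot: The new description of `keytab_production_base64` names `aes-devel.edu.liu.se`, the same host given for `keytab_devel_base64` two lines below, which looks like a copy-paste slip. A wrong hostname in the documentation of a Kerberos host key invites installing the development keytab in production or the reverse. The line should name the production host instead, for example `#   in the production environment (<production-hostname>).`, with the placeholder replaced by the real name. The body of `aes::auth` continues outside this hunk, so how the two parameters are consumed is not visible here.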
@@ -131,14 +126,24 @@ class aes::auth (
     }
   }
 
-  exec { 'update-auth-repo' :
-    command     => "/opt/utils/update_repo.sh ${auth_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git ${server_type}",
-    environment => ["REPO_USER=${auth_user}", "REPO_GROUP=${auth_group}", "REPO_ON_UPDATE=${auth_home}/on_update.sh"],
-    # This command will need to run "on_update" as root in order to restart the service.
-    user        => root,
-    group       => root,
-    cwd         => $auth_home,
-    require     => File["${auth_home}/on_update.sh"],
+  vcsrepo { "${auth_home}/src":
+    ensure   => latest,
+    provider => git,
+    source   => 'https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git',
+    revision => $server_type,
+    owner    => $auth_user,
+    group    => $auth_group,
+    notify   => Exec['compile-auth-repo'],
+  }
+
+  exec { 'compile-auth-repo':
+    user        => $auth_user,
+    group       => $auth_group,
+    path        => $auth_home,
+    command     => "$auth_home/on_update.sh",
+    refreshonly => true,
+    require     => File["${auth_home/on_update.sh"],
+    notify      => Service[$auth_service],
   }
 
   service { $auth_service :
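Review bot: The `source` URL of the new `vcsrepo` resource still carries a GitLab OAuth token as a literal, so the credential stays in this repository's history and presumably also lands in the checkout's `.git/config`, which is owned by the service account. The token should come from encrypted Hiera data rather than from the manifest, and the value already committed should be rotated. In `compile-auth-repo`, the interpolation in `File["${auth_home/on_update.sh"]` is missing its closing brace and should read `require => File["${auth_home}/on_update.sh"],`. The old exec set `cwd => $auth_home`, while the new one sets `path => $auth_home`, which only changes the command search path; if the working directory was meant, use `cwd => $auth_home,`. The script also starts with a bare `cd` that used to rely on `sudo --set-home`, so the exec probably needs `environment => ["HOME=${auth_home}"],` as well.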
-- 
GitLab