kris/puppet-acme_vault
1
0
Fork 0
mirror of https://github.com/krislamo/puppet-acme_vault synced 2024-12-16 04:40:35 +00:00
Code Issues Releases Wiki Activity

add flexible group membership

Browse Source
This commit is contained in:
Bob Belnap 2020-11-16 14:03:04 -05:00
parent ee9416b82f
commit 71e051477f
4 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -82,7 +82,11 @@ Default value: `acme_vault`
##### `group`
group that the user belongs to. For deploy, this should probably be the webserver group
group that owns the created certificates
##### `group_members`
members of the above group that will have access to created certificates. In most cases this will be the webserver group, or any other services that require reading the certs.
Default value: `acme_vault`

7
manifests/common.pp
View File

@ -4,6 +4,7 @@
class acme_vault::common (
$user = $::acme_vault::params::user,
$group = $::acme_vault::params::group,
$group_members = $::acme_vault::params::group_members,
$home_dir = $::acme_vault::params::home_dir,
$contact_email = $::acme_vault::params::contact_email,
$domains = $::acme_vault::params::domains,
@ -40,6 +41,12 @@ class acme_vault::common (
mode => '0750',
}
group { $group:
ensure => present,
members => $group_members,
system => true,
}
# vault module isn't too flexible for install only, just copy in binary
# would be nice if this worked!
#class { '::vault::install':

3
manifests/params.pp
View File

@ -2,7 +2,8 @@
class acme_vault::params {
# settings for acme user
$user = 'acme'
$group = 'apache'
$group = 'acme'
$group_members = ['apache']
$home_dir = '/home/acme_vault'
$contact_email = ''
$domains = undef

4
metadata.json
View File

@ -13,6 +13,10 @@
{
"name": "puppetlabs-concat",
"version_requirement": ">= 1.2.4"
},
{
"name": "onyxpoint-gpasswd",
"version_requirement": ">= 1.1.1"
}
],
"operatingsystem_support": [