add common class, lexicon vars, general cleanup

manifests/common.pp

@@ -0,0 +1,70 @@
+class acme_vault::common (
+    $user               = $::acme_vault::params::user,
+    $group              = $::acme_vault::params::group,
+    $home_dir           = $::acme_vault::params::home_dir,
+
+    $vault_token        = $::acme_vault::params::vault_token,
+    $vault_addr         = $::acme_vault::params::vault_addr,
+    $vault_bin          = $::acme_vault::params::vault_bin,
+
+) inherits acme_vault::params {
+
+    $common_bashrc_template = @(END)
+export VAULT_BIN=<%= @vault_bin %>
+export VAULT_TOKEN=<%= @vault_token %>
+export VAULT_ADDR=<%= @vault_addr %>
+END
+    # create acme_vault user
+    user { $user:
+      ensure     => present,
+      gid        => $group,
+      system     => true,
+      home       => $home_dir,
+      managehome => true,
+    }
+
+    file { $home_dir:
+      ensure => directory,
+      owner  => $user,
+      group  => $group,
+      mode   => "0750",
+    }
+
+    # vault module isn't too flexible for install only, just copy in binary
+    # would be nice if this worked!
+    #class { '::vault::install':
+    #  manage_user => false,
+    #}
+  
+    file { $vault_bin:
+        ensure => present,
+        owner  => "root",
+        group  => "root",
+        mode   => "0555",
+        source => "puppet:///modules/acme_vault/vault",
+    }
+
+    # variables in bashrc
+    concat { "${home_dir}/.bashrc":
+			owner   => $user,
+      group   => $group,
+      mode    => "0600",
+    }
+
+    concat::fragment{ "vault_bashrc":
+      target  => "${home_dir}/.bashrc",
+      content => inline_template($common_bashrc_template),
+      order   => "01",
+    }
+
+    #		file { "$home_dir/.bashrc":
+    #			ensure  => present,
+    #			owner   => $user,
+    #      group   => $group,
+    #      mode    => "0600",
+    #      content => template("acme_vault/bashrc"),
+    #    }
+
+
+}
+

manifests/params.pp

@@ -1,14 +1,14 @@
 class acme_vault::params {
-    # settings for requestor
+    # settings for acme user
     $user       = 'acme'
     $group      = 'apache'
     $home_dir   = '/home/acme_vault'
-    $contact_email = ''
 
     # whether to use the letsencrypt staging url, set those urls
     $staging     = true
     $staging_url = 'https://acme-staging-v02.api.letsencrypt.org/directory'
     $prod_url    = 'https://acme-v02.api.letsencrypt.org/directory'
+    $contact_email = ''
 
     $acme_revision = 'HEAD'
     $acme_repo_path = "$home_dir/acme.sh"
@@ -22,12 +22,13 @@ class acme_vault::params {
     $vault_addr  = ''
     $vault_bin   = "$home_dir/vault"
 
-    $dns_api_username = ''
+    # lexicon 
+    $lexicon_provider   = ''
+    $lexicon_username   = ''
+    $lexicon_token      = ''
+
     # settings for deploy
 
     $cert_destination_path = '/etc/acme/'
 
-    
-    # control if we want to actually run acme_vault - usefull for rollout
-    $skip_run = true
 }

manifests/requestor.pp

@@ -11,57 +11,28 @@ class acme_vault::requestor (
     $acme_revision      = $::acme_vault::params::acme_revision,
     $acme_repo_path     = $::acme_vault::params::acme_repo_path,
     $acme_script        = $::acme_vault::params::acme_script,
-    $dns_api_username   = $::acme_vault::params::dns_api_username,
+
+    $lexicon_provider   = $::acme_vault::params::lexicon_provider,
+    $lexicon_username   = $::acme_vault::params::lexicon_username,
+    $lexicon_token      = $::acme_vault::params::lexicon_token,
 
     $domains            = $::acme_vault::params::domains,
-    $vault_token        = $::acme_vault::params::vault_token,
-    $vault_addr         = $::acme_vault::params::vault_addr,
-    $vault_bin          = $::acme_vault::params::vault_bin,
 
 ) inherits acme_vault::params {
 
-  #  include acme_vault::user
+    include acme_vault::common
-    # create acme_vault user
-    user { $user:
-      ensure     => present,
-      gid        => $group,
-      system     => true,
-      home       => $home_dir,
-      managehome => true,
-    }
-
-    file { $home_dir:
-      ensure => directory,
-      owner  => $user,
-      group  => $group,
-      mode   => "0750",
-    }
-
-    # copy vault binary? install via module?
-    #TODO put in init
-    # vault module isn't too flexible for install only, just copy in binary
-
-    #include ::vault::install
-    #class { '::vault::install':
-    #  manage_user => false,
-    #}
-  
-    file { $vault_bin:
-        ensure => present,
-        owner  => "root",
-        group  => "root",
-        mode   => "0555",
-        source => "puppet:///modules/acme_vault/vault",
-    }
 
+    $requestor_bashrc_template = @(END)
+export LEXICON_PROVIDER=<%= @lexicon_provider %>
+export LEXICON_<%= @lexicon_provider.upcase %>_USERNAME=<%= @lexicon_username %>
+export LEXICON_<%= @lexicon_provider.upcase %>_TOKEN=<%= @lexicon_token %>
+END
     # variables in bashrc
 
-		file { "$home_dir/.bashrc":
+		concat::fragment { "requestor_bashrc":
-			ensure  => present,
+      target  => "${home_dir}/.bashrc",
-			owner   => $user,
+      content => inline_template($requestor_bashrc_template),
-      group   => $group,
+      order   => "02",
-      mode    => "0600",
-      content => template("acme_vault/bashrc"),
     }
 
 
@@ -73,9 +44,7 @@ class acme_vault::requestor (
       revision => $acme_revision,
     }
 
-    notice("$domains")
+    # create issue scripts
-    # copy down issue scripts
-
     $domains.each |$domain, $d_list| {
       file {"/${home_dir}/${domain}.sh":
         ensure => present,
@@ -90,12 +59,9 @@ class acme_vault::requestor (
           staging     => $staging,
           staging_url => $staging_url,
           prod_url    => $prod_url,
-          } )
+          } 
+        )
       }
     }
 
-
 }
-
-
-

templates/bashrc

@@ -1,5 +0,0 @@
-export VAULT_TOKEN=<%= @vault_token %>
-export VAULT_ADDR=<%= @vault_addr %>
-export LEXICON_PROVIDER=namecheap
-export LEXICON_NAMECHEAP_USERNAME=<%= @dns_api_username %>
-export LEXICON_NAMECHEAP_TOKEN=$(<%= @vault_bin %> read -field=value /secret/dns_api/token)