mirror of https://github.com/krislamo/puppet-acme_vault synced 2024-09-19 20:40:36 +00:00

use collected / virtual resources for group membership

Bob Belnap 2021-07-02 11:05:06 -04:00
parent bcc92add25
commit ed0fc67379
2 changed files with 15 additions and 5 deletions


@ -41,12 +41,22 @@ class acme_vault::common (
mode => '0750', mode => '0750',
} }
group { $group: # group membership is handled through collected virtual resources. This
ensure => present, # allows other modules/profiles to add members to the group, for services
members => $group_members, # that require access to the certs
system => true,
@group { $group:
ensure => present,
system => true,
tag => 'acme_vault_group',
} }
# include lines similar to this in your own modules to add members to the
# group. We use this method here to add the group_members paramater, but
# it will work the same in any module.
Group <| tag == 'acme_vault_group' |> { members +> $group_members }
# vault module isn't too flexible for install only, just copy in binary # vault module isn't too flexible for install only, just copy in binary
# would be nice if this worked! # would be nice if this worked!
#class { '::vault::install': #class { '::vault::install':
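Review bot: The new `@group { $group: ... }` declaration leaves `auth_membership` unset, so on providers that manage members but are not authoritative by default the collected `members` list is only a minimum; an account later dropped from `$group_members`, or from another module's `Group <| tag == 'acme_vault_group' |>` override, would likely stay in the group on existing nodes and keep its access to the certs. Since the added comment says this group is what grants services access to the certs, consider adding `auth_membership => true,` next to `system => true,` so the catalog is the complete member list. The comment above the collector could also state that any class in the catalog can add members this way, so an audit of who can read the certificate material has to search for the tag across all modules. The body of `acme_vault::common` starts and ends outside this hunk.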


@ -3,7 +3,7 @@ class acme_vault::params {
# settings for acme user # settings for acme user
$user = 'acme' $user = 'acme'
$group = 'acme' $group = 'acme'
$group_members = ['apache'] $group_members = []
$home_dir = '/home/acme_vault' $home_dir = '/home/acme_vault'
$contact_email = '' $contact_email = ''
$domains = undef $domains = undef
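Review bot: The new empty default for `$group_members` (previously `['apache']`, as far as the two columns show) carries no comment telling users that group access to the certs is now opt-in. A line above it such as `# empty by default; add accounts here or via a Group <| tag == 'acme_vault_group' |> collector` would make the least-privilege default explicit for anyone upgrading. Nodes that already have `apache` in the group may keep that membership unless the group is managed authoritatively, so this is worth an upgrade note as well.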