use collected / virtual resources for group membership

2025-01-18 07:30:34 +00:00 · 2021-07-02 11:05:06 -04:00 · 2021-07-02 11:05:06 -04:00 · ed0fc67379
commit ed0fc67379
parent bcc92add25
2 changed files with 15 additions and 5 deletions
--- a/manifests/common.pp
+++ b/manifests/common.pp
@ -41,12 +41,22 @@ class acme_vault::common (
      mode   => '0750',
    }

-    group { $group:
-      ensure          => present,
-      members         => $group_members,
-      system          => true,
+    # group membership is handled through collected virtual resources.  This
+    # allows other modules/profiles to add members to the group, for services
+    # that require access to the certs
+
+    @group { $group:
+      ensure  => present,
+      system  => true,
+      tag     => 'acme_vault_group',
    }

+    # include lines similar to this in your own modules to add members to the
+    # group.  We use this method here to add the group_members paramater, but
+    # it will work the same in any module.
+
+    Group <| tag == 'acme_vault_group' |> { members +> $group_members }
+
    # vault module isn't too flexible for install only, just copy in binary
    # would be nice if this worked!
    #class { '::vault::install':
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -3,7 +3,7 @@ class acme_vault::params {
    # settings for acme user
    $user       = 'acme'
    $group      = 'acme'
-    $group_members      = ['apache']
+    $group_members      = []
    $home_dir   = '/home/acme_vault'
    $contact_email = ''
    $domains     = undef