Scott Barthelemy / puppet-freeipa
Commit 7681745f authored Oct 16, 2018 by Scott Barthelemy
Changed a few parameter types to use more precise ones. Updated unit tests and module accordingly
parent 3eb9883e
Showing 4 changed files with 57 additions and 130 deletions:
REFERENCE.md (+9 -9)
manifests/init.pp (+42 -42)
manifests/validate_params.pp (+4 -23)
spec/classes/init_spec.rb (+2 -56)
REFERENCE.md
View file @
7681745f
...
...
@@ -54,7 +54,7 @@ The following parameters are available in the `freeipa` class.
##### `domain`
Data type:
`St
ring
`
Data type:
`St
dlib::Fqdn
`
The name of the IPA domain to create or join.
...
...
@@ -246,15 +246,15 @@ Default value: `true`
##### `ip_address`
Data type:
`St
ring
`
Data type:
`St
dlib::IP::Address::V4
`
IP address to pass to the IPA installer.
Default value: ''
Default value: '
0.0.0.0
'
##### `ipa_server_fqdn`
Data type:
`St
ring
`
Data type:
`St
dlib::Fqdn
`
Actual fqdn of the IPA server or client.
...
...
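Review bot: the new `ip_address` default `'0.0.0.0'` is documented without saying that it stands for "not set". The description still reads "IP address to pass to the IPA installer", so a reader can take 0.0.0.0 for a value that is actually handed to the installer. Either state in this entry that `0.0.0.0` is a placeholder for "no address given", or declare the parameter as `Optional[Stdlib::IP::Address::V4]` with an `undef` default so that no in-band placeholder is needed.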
@@ -278,11 +278,11 @@ Default value: $::osfamily
##### `ipa_master_fqdn`
Data type:
`St
ring
`
Data type:
`St
dlib::Fqdn
`
FQDN of the server to use for a client or replica domain join.
Default value: ''
Default value: '
default
'
##### `manage_host_entry`
...
...
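Review bot: the `ipa_master_fqdn` default changes from `''` to `'default'`, but the entry does not say that this string is a placeholder rather than a host name. validate_params.pp fails for clients and replicas when the value is still `'default'`, and a reader of "FQDN of the server to use for a client or replica domain join" cannot learn that from here. Document the placeholder and its meaning in this entry; the `realm` entry in the next hunk has the same gap.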
@@ -310,11 +310,11 @@ Default value: `false`
##### `realm`
Data type:
`St
ring
`
Data type:
`St
dlib::Fqdn
`
The name of the IPA realm to create or join.
Default value: ''
Default value: '
default
'
##### `server_install_ldaputils`
...
...
@@ -366,7 +366,7 @@ Default value: `false`
##### `webui_proxy_external_fqdn`
Data type:
`St
ring
`
Data type:
`St
dlib::Fqdn
`
The public or external FQDN used to access the IPA Web UI behind the reverse proxy.
...
...
manifests/init.pp
View file @
7681745f
...
...
@@ -58,60 +58,60 @@
#
#
class
freeipa
(
St
ring
$domain
=
'default'
,
String
$ipa_role
=
'default'
,
String
$admin_password
=
''
,
String
$directory_services_password
=
''
,
String
$autofs_package_name
=
'autofs'
,
Boolean
$client_install_ldaputils
=
false
,
Boolean
$configure_dns_server
=
true
,
Boolean
$configure_ntp
=
true
,
Array
[
String
]
$custom_dns_forwarders
=
[],
String
$domain_join_principal
=
''
,
String
$domain_join_password
=
''
,
Boolean
$enable_hostname
=
true
,
Boolean
$enable_ip_address
=
false
,
Boolean
$fixed_primary
=
false
,
Integer
$idstart
=
10000
,
Boolean
$install_autofs
=
false
,
Boolean
$install_epel
=
true
,
Boolean
$install_kstart
=
true
,
Boolean
$install_sssdtools
=
true
,
String
$ipa_client_package_name
=
$::osfamily
?
{
St
dlib
::
Fqdn
$domain
=
'default'
,
String
$ipa_role
=
'default'
,
String
$admin_password
=
''
,
String
$directory_services_password
=
''
,
String
$autofs_package_name
=
'autofs'
,
Boolean
$client_install_ldaputils
=
false
,
Boolean
$configure_dns_server
=
true
,
Boolean
$configure_ntp
=
true
,
Array
[
String
]
$custom_dns_forwarders
=
[],
String
$domain_join_principal
=
''
,
String
$domain_join_password
=
''
,
Boolean
$enable_hostname
=
true
,
Boolean
$enable_ip_address
=
false
,
Boolean
$fixed_primary
=
false
,
Integer
$idstart
=
10000
,
Boolean
$install_autofs
=
false
,
Boolean
$install_epel
=
true
,
Boolean
$install_kstart
=
true
,
Boolean
$install_sssdtools
=
true
,
String
$ipa_client_package_name
=
$::osfamily
?
{
'Debian'
=>
'freeipa-client'
,
default
=>
'ipa-client'
,
},
String
$ipa_server_package_name
=
'ipa-server'
,
Boolean
$install_ipa_client
=
true
,
Boolean
$install_ipa_server
=
true
,
Boolean
$install_sssd
=
true
,
St
ring
$ip_address
=
''
,
St
ring
$ipa_server_fqdn
=
$::fqdn
,
String
$kstart_package_name
=
'kstart'
,
String
$ldaputils_package_name
=
$::osfamily
?
{
String
$ipa_server_package_name
=
'ipa-server'
,
Boolean
$install_ipa_client
=
true
,
Boolean
$install_ipa_server
=
true
,
Boolean
$install_sssd
=
true
,
St
dlib
::
IP
::
Address
::
V4
$ip_address
=
'
0.0.0.0
'
,
St
dlib
::
Fqdn
$ipa_server_fqdn
=
$::fqdn
,
String
$kstart_package_name
=
'kstart'
,
String
$ldaputils_package_name
=
$::osfamily
?
{
'Debian'
=>
'ldap-utils'
,
default
=>
'openldap-clients'
,
},
St
ring
$ipa_master_fqdn
=
''
,
Boolean
$manage_host_entry
=
false
,
Boolean
$mkhomedir
=
true
,
Boolean
$no_ui_redirect
=
false
,
St
ring
$realm
=
''
,
Boolean
$server_install_ldaputils
=
true
,
String
$sssd_package_name
=
'sssd-common'
,
String
$sssdtools_package_name
=
'sssd-tools'
,
Boolean
$webui_disable_kerberos
=
false
,
Boolean
$webui_enable_proxy
=
false
,
Boolean
$webui_force_https
=
false
,
St
ring
$webui_proxy_external_fqdn
=
'localhost'
,
String
$webui_proxy_https_port
=
'8440'
,
St
dlib
::
Fqdn
$ipa_master_fqdn
=
'
default
'
,
Boolean
$manage_host_entry
=
false
,
Boolean
$mkhomedir
=
true
,
Boolean
$no_ui_redirect
=
false
,
St
dlib
::
Fqdn
$realm
=
'
default
'
,
Boolean
$server_install_ldaputils
=
true
,
String
$sssd_package_name
=
'sssd-common'
,
String
$sssdtools_package_name
=
'sssd-tools'
,
Boolean
$webui_disable_kerberos
=
false
,
Boolean
$webui_enable_proxy
=
false
,
Boolean
$webui_force_https
=
false
,
St
dlib
::
Fqdn
$webui_proxy_external_fqdn
=
'localhost'
,
String
$webui_proxy_https_port
=
'8440'
,
)
{
if
$facts
[
'kernel'
]
!=
'Linux'
or
$facts
[
'osfamily'
]
==
'Windows'
{
fail
(
'This module is only supported on Linux.'
)
}
if
$realm
!=
''
{
if
$realm
!=
'
default
'
{
$final_realm
=
$realm
}
else
{
$final_realm
=
upcase
(
$domain
)
...
...
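Review bot: `$realm != 'default'` and the new `'default'` and `'0.0.0.0'` defaults use in-band placeholder strings to mean "unset". A realm or master that is literally named `default` can then no longer be expressed, and this file is tied to matching string comparisons in validate_params.pp. Consider `Optional[Stdlib::Fqdn] $realm = undef` (likewise for `$ipa_master_fqdn` and `$ip_address`) and testing for `undef` instead. Since the aim of the commit is more precise types: `$admin_password`, `$directory_services_password` and `$domain_join_password` are still plain `String`; `Sensitive[String]` would keep them out of logs and reports, at the cost of unwrapping them where they are used.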
manifests/validate_params.pp
View file @
7681745f
...
...
@@ -14,33 +14,17 @@ class freeipa::validate_params {
default
:
{
fail
(
'The parameter ipa_role must be set to client, master, or replica.'
)}
}
if
$freeipa::ip_address
!=
''
{
# TODO: validate_legacy
if
!
is_ipv4_address
(
$freeipa::ip_address
)
{
fail
(
'The parameter ip_address must pass validation as an IPv4 address.'
)
}
}
if
$freeipa::manage_host_entry
{
if
$freeipa::ip_address
==
''
{
if
$freeipa::ip_address
==
'
0.0.0.0
'
{
fail
(
'When using the parameter manage_host_entry, the parameter ip_address is mandatory.'
)
}
}
if
$freeipa::idstart
<
10000
{
fail
(
'Parameter "idstart" must be an integer greater than 10000.'
)
}
# TODO: validate_legacy
if
!
is_domain_name
(
$freeipa::domain
)
{
fail
(
'The parameter \'domain\' must pass validation as a domain name.'
)
}
# TODO: validate_legacy
if
!
is_domain_name
(
$freeipa::final_realm
)
{
fail
(
'The parameter \'realm\' must pass validation as a domain name.'
)
}
if
$freeipa::ipa_role
==
'master'
{
if
length
(
$freeipa::admin_password
)
<
8
{
fail
(
'When ipa_role is set to master, the parameter admin_password must be populated and at least of length 8.'
)
...
...
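Review bot: the remaining `$freeipa::idstart < 10000` check is the kind of constraint this commit moves into types elsewhere; declaring `Integer[10000] $idstart` in init.pp would let this block go as well. Its message also says "greater than 10000" while the comparison accepts 10000 itself. Separately, the `manage_host_entry` guard now compares against the literal `'0.0.0.0'`, which has to be kept in sync by hand with the default in init.pp.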
@@ -56,11 +40,8 @@ must be populated and at least of length 8."
if
$freeipa::ipa_role
!=
'master'
{
# if replica or client
# TODO: validate_legacy
if
$freeipa::ipa_master_fqdn
==
''
{
fail
(
"When creating a
${freeipa::ipa_role}
the parameter named ipa_master_fqdn cannot be empty."
)
}
elsif
!
is_domain_name
(
$freeipa::ipa_master_fqdn
)
{
fail
(
'The parameter \'ipa_master_fqdn\' must pass validation as a domain name.'
)
if
$freeipa::ipa_master_fqdn
==
'default'
{
fail
(
"When creating a
${freeipa::ipa_role}
the parameter named ipa_master_fqdn must be set."
)
}
if
$freeipa::final_domain_join_password
==
''
{
...
...
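Review bot: with the `== ''` branch gone, an explicitly passed empty `ipa_master_fqdn` is no longer handled in this class, and the only remaining check is against the placeholder `'default'`. Rejection of `''` and of malformed names now rests entirely on the `Stdlib::Fqdn` declaration in init.pp. A spec that passes `ipa_master_fqdn: ''` for a replica and expects compilation to fail would pin that behaviour down.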
spec/classes/init_spec.rb
View file @
7681745f
...
...
@@ -105,47 +105,6 @@ describe 'freeipa', type: :class do
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{populated and at least of length 8}
)
}
end
context
'with bad ip_address'
do
let
:params
do
{
ipa_role:
'master'
,
domain:
'rspec.example.lan'
,
admin_password:
'rspecrspec123'
,
directory_services_password:
'rspecrspec123'
,
ip_address:
'not_an_ip'
}
end
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{parameter ip_address must pass validation}
)
}
end
context
'with bad domain'
do
let
:params
do
{
ipa_role:
'master'
,
domain:
'not_a_domain'
,
admin_password:
'rspecrspec123'
,
directory_services_password:
'rspecrspec123'
}
end
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{must pass validation as a domain name}
)
}
end
context
'with bad realm'
do
let
:params
do
{
ipa_role:
'master'
,
domain:
'rspec.example.lan'
,
realm:
'not_a_realm'
,
admin_password:
'rspecrspec123'
,
directory_services_password:
'rspecrspec123'
}
end
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{must pass validation as a domain name}
)
}
end
end
context
'as replica'
do
...
...
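Review bot: the `with bad ip_address`, `with bad domain` and `with bad realm` contexts are deleted outright, so nothing in the suite now proves that `not_an_ip`, `not_a_domain` or `not_a_realm` are rejected. The rejection has moved from validate_params.pp to the parameter types, so keep the three contexts and change only the expected error to the type-mismatch failure. Otherwise a later change of these parameters back to `String` would pass the suite unnoticed.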
@@ -191,20 +150,7 @@ describe 'freeipa', type: :class do
}
end
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{parameter named ipa_master_fqdn cannot be empty}
)
}
end
context
'with bad ipa_master_fqdn'
do
let
:params
do
{
ipa_role:
'replica'
,
domain:
'rspec.example.lan'
,
ipa_master_fqdn:
'not_an_fqdn'
,
domain_join_password:
'rspecrspec123'
}
end
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{pass validation as a domain name}
)
}
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{parameter named ipa_master_fqdn must be set}
)
}
end
context
'missing domain_join_password'
do
...
...
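Review bot: the `with bad ipa_master_fqdn` context (`ipa_master_fqdn: 'not_an_fqdn'`) is removed, leaving only the `must be set` expectation, which matches the check against the untouched default. Keep a replica case that passes an explicit invalid value and assert that compilation fails, so that the `Stdlib::Fqdn` declaration for this parameter is exercised by a test.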
@@ -271,7 +217,7 @@ describe 'freeipa', type: :class do
}
end
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{parameter named ipa_master_fqdn
cannot be empty
}
)
}
it
{
is_expected
.
to
raise_error
(
Puppet
::
Error
,
%r{parameter named ipa_master_fqdn
must be set
}
)
}
end
context
'missing domain_join_password'
do
...
...