Puppet Class: profile::sre::check_user

Defined in:
modules/profile/manifests/sre/check_user.pp

Summary

class to install a script for validating user email addresses

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • super_admin (String) (defaults to: lookup('profile::sre::check_user::super_admin'))

    the support admin account to impersonate

  • service_file_source (String) (defaults to: lookup('profile::sre::check_user::service_file'))

    the location in the secret module of the service account json file

  • proxy_server (Stdlib::HTTPUrl) (defaults to: lookup('profile::sre::check_user::proxy_server'))

    the proxy server to use

  • namely_api_key (Sensitive[Optional[String[1]]]) (defaults to: lookup('profile::sre::check_user::namely_api_key'))

    the namely api key



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'modules/profile/manifests/sre/check_user.pp', line 7

class profile::sre::check_user (
    String                         $super_admin         = lookup('profile::sre::check_user::super_admin'),
    String                         $service_file_source = lookup('profile::sre::check_user::service_file'),
    Stdlib::HTTPUrl                $proxy_server        = lookup('profile::sre::check_user::proxy_server'),
    Sensitive[Optional[String[1]]] $namely_api_key      = lookup('profile::sre::check_user::namely_api_key'),
) {
    # python3-google-auth-httplib2 is also required
    # https://github.com/googleapis/google-auth-library-python/issues/190#issuecomment-322837328
    $packages = ['python3-googleapi', 'python3-google-auth', 'python3-google-auth-httplib2']
    ensure_packages($packages)

    $namley_config = $namely_api_key.unwrap.empty.bool2str(
        '',
        "namely_api_key: ${namely_api_key.unwrap}"
    )
    $service_file_path = '/etc/ssl/private/gsuite_service.json'
    $config = @("CONFIG")
    [DEFAULT]
    impersonate: ${super_admin}
    key_file: ${service_file_path}
    proxy_host: ${proxy_server}
    ${namley_config}
    | CONFIG
    file {
        default:
            ensure => file,
            owner  => 'root',
            group  => 'root',
            mode   => '0440';
        $service_file_path:
            show_diff => false,
            backup    => false,
            content   => secret($service_file_source);
        '/etc/check_user.conf':
            show_diff => false,
            backup    => false,
            content   => $config;
        '/usr/local/sbin/check_user':
            mode   => '0550',
            source => 'puppet:///modules/profile/sre/check_user.py';
    }
}