Puppet Class: profile::sre::check_user

Defined in:
modules/profile/manifests/sre/check_user.pp

Overview

Parameters:

  • super_admin (String) (defaults to: lookup('profile::sre::check_user::super_admin'))

    the support admin account to impersonate

  • service_file_source (String) (defaults to: lookup('profile::sre::check_user::service_file'))

    the location, within the secret module, of the service account JSON file

  • proxy_server (Stdlib::HTTPUrl) (defaults to: lookup('profile::sre::check_user::proxy_server'))

    the proxy server to use



# File 'modules/profile/manifests/sre/check_user.pp', line 5

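class profile::sre::check_user (
    String          $super_admin         = lookup('profile::sre::check_user::super_admin'),
    String          $service_file_source = lookup('profile::sre::check_user::service_file'),
    Stdlib::HTTPUrl $proxy_server        = lookup('profile::sre::check_user::proxy_server'),
) {
    # Installs the check_user script together with its Python dependencies,
    # its configuration file and the service account key it reads.
    #
    #   $super_admin         - admin account the script impersonates
    #   $service_file_source - location of the service account JSON file in
    #                          the secret module
    #   $proxy_server        - proxy server written to the config as proxy_host

    # python3-google-auth-httplib2 is also required
    # https://github.com/googleapis/google-auth-library-python/issues/190#issuecomment-322837328
    $packages = ['python3-googleapi', 'python3-google-auth', 'python3-google-auth-httplib2']
    # need at least version 1.6.0
    # https://github.com/googleapis/google-auth-library-python/issues/190#issuecomment-322640637
    # A pin priority above 1000 makes apt prefer the backports version even
    # when that means replacing a newer installed version.
    apt::pin {'python3-googleapi':
        pin      => 'release a=buster-backports',
        priority => 1001,
    }
    ensure_packages($packages)

    $service_file_path = '/etc/ssl/private/gsuite_service.json'
    # NOTE(review): $proxy_server is typed as a URL, so proxy_host receives the
    # full URL; confirm that check_user.py expects a URL and not a bare host.
    $config = @("CONFIG")
    [DEFAULT]
    impersonate: ${super_admin}
    key_file: ${service_file_path}
    proxy_host: ${proxy_server}
    | CONFIG
    file{
        # Defaults for all three files: root-owned, readable by root and the
        # root group only, no access for other users.
        default:
            ensure => file,
            owner  => 'root',
            group  => 'root',
            mode   => '0440';
        # The service account key is credential material. show_diff is turned
        # off so its content is never written to agent logs or reports when
        # the file changes, even if diffs are enabled on the agent.
        $service_file_path:
            content   => secret($service_file_source),
            show_diff => false;
        '/etc/check_user.conf':
            content => $config;
        # The script needs the execute bit; still restricted to root and the
        # root group.
        '/usr/local/sbin/check_user':
            mode   => '0550',
            source => 'puppet:///modules/profile/sre/check_user.py';
    }
}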