5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
# File 'modules/profile/manifests/sre/check_user.pp', line 5
class profile::sre::check_user (
String $super_admin = lookup('profile::sre::check_user::super_admin'),
String $service_file_source = lookup('profile::sre::check_user::service_file'),
Stdlib::HTTPUrl $proxy_server = lookup('profile::sre::check_user::proxy_server'),
) {
# python3-google-auth-httplib2 is also required
# https://github.com/googleapis/google-auth-library-python/issues/190#issuecomment-322837328
$packages = ['python3-googleapi', 'python3-google-auth', 'python3-google-auth-httplib2']
# need at least version 1.6.0
# https://github.com/googleapis/google-auth-library-python/issues/190#issuecomment-322640637
apt::pin {'python3-googleapi':
pin => 'release a=buster-backports',
priority => 1001,
}
ensure_packages($packages)
$service_file_path = '/etc/ssl/private/gsuite_service.json'
$config = @("CONFIG")
[DEFAULT]
impersonate: ${super_admin}
key_file: ${service_file_path}
proxy_host: ${proxy_server}
| CONFIG
file{
default:
ensure => file,
owner => 'root',
group => 'root',
mode => '0440';
$service_file_path:
content => secret($service_file_source);
'/etc/check_user.conf':
content => $config;
'/usr/local/sbin/check_user':
mode => '0550',
source => 'puppet:///modules/profile/sre/check_user.py';
}
}
|