Defined Type: jwt_authorizer::service
- Defined in:
- modules/jwt_authorizer/manifests/service.pp
Overview
SPDX-License-Identifier: Apache-2.0 Provisions a systemd service instance of jwt-authorizer.
The jwt-authorizer service provides integrated auth with GitLab CI jobs via their short lived JSON Web Tokens to other services like docker_registry_ha. See the nginx configuration of the latter for usage.
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'modules/jwt_authorizer/manifests/service.pp', line 22
define jwt_authorizer::service(
String $listen,
Stdlib::HTTPUrl $keys_url,
Array[String] $issuers,
Wmflib::Ensure $ensure = 'present',
String $owner = 'www-data',
String $group = 'www-data',
Stdlib::Filemode $mode = '0700',
Stdlib::Unixpath $request_prefix = '/',
Optional[Stdlib::Filesource] $validation_template = undef,
) {
require jwt_authorizer
$validation_template_path = "/etc/jwt-authorizer/${title}-validations.tmpl"
$validation_template_ensure = $validation_template ? {
undef => 'absent',
default => $ensure,
}
file { $validation_template_path:
ensure => stdlib::ensure($validation_template_ensure, 'file'),
source => $validation_template,
owner => 'root',
group => 'www-data',
mode => '0640',
before => Systemd::Service[$title],
notify => Service[$title],
}
systemd::service { $title:
ensure => $ensure,
content => template('jwt_authorizer/authorizer.service.erb'),
restart => true,
}
}
|