6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
# File 'manifests/authentication.pp', line 6
class splunk::authentication
(
$splunk_home = $splunk::splunk_home,
$splunk_os_user = $splunk::real_splunk_os_user,
$splunk_os_group = $splunk::real_splunk_os_group,
$splunk_dir_mode = $splunk::real_splunk_dir_mode,
$splunk_file_mode = $splunk::real_splunk_file_mode,
$auth = $splunk::auth,
$splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
$splunk_app_replace = $splunk::splunk_app_replace,
$rolemap = $splunk::rolemap
){
$splunk_app_name = 'puppet_common_auth'
case $auth['authtype'] {
'Splunk': {
file {"${splunk_home}/etc/apps/${splunk_app_name}_ldap_base":
ensure => absent,
recurse => true,
purge => true,
force => true,
}
file {"${splunk_home}/etc/apps/${splunk_app_name}_saml_base":
ensure => absent,
recurse => true,
purge => true,
force => true,
}
}
'SAML': {
$auth_defaults = $splunk::params::auth
case $auth['saml_idptype'] {
'ADFS': {
# parameters are set in the erb template
}
default: {
fail 'Unsupported Identity Provider' }
}
file {"${splunk_home}/etc/apps/${splunk_app_name}_ldap_base":
ensure => absent,
recurse => true,
purge => true,
force => true,
}
-> file { [
"${splunk_home}/etc/apps/${splunk_app_name}_saml_base",
"${splunk_home}/etc/apps/${splunk_app_name}_saml_base/${splunk_app_precedence_dir}",
"${splunk_home}/etc/apps/${splunk_app_name}_saml_base/metadata",]:
ensure => directory,
owner => $splunk_os_user,
group => $splunk_os_group,
mode => $splunk_dir_mode,
}
-> file { "${splunk_home}/etc/apps/${splunk_app_name}_saml_base/${splunk_app_precedence_dir}/authentication.conf":
ensure => present,
owner => $splunk_os_user,
group => $splunk_os_group,
mode => $splunk_file_mode,
replace => $splunk_app_replace,
content => template("splunk/${splunk_app_name}_saml_base/local/authentication.conf"),
}
}
'LDAP': {
$auth_defaults = $splunk::params::auth
file {"${splunk_home}/etc/apps/${splunk_app_name}_saml_base":
ensure => absent,
recurse => true,
purge => true,
force => true,
}
-> file { [
"${splunk_home}/etc/apps/${splunk_app_name}_ldap_base",
"${splunk_home}/etc/apps/${splunk_app_name}_ldap_base/${splunk_app_precedence_dir}",
"${splunk_home}/etc/apps/${splunk_app_name}_ldap_base/metadata",]:
ensure => directory,
owner => $splunk_os_user,
group => $splunk_os_group,
mode => $splunk_dir_mode,
}
-> file { "${splunk_home}/etc/apps/${splunk_app_name}_ldap_base/${splunk_app_precedence_dir}/authentication.conf":
ensure => present,
owner => $splunk_os_user,
group => $splunk_os_group,
mode => $splunk_file_mode,
replace => $splunk_app_replace,
content => template("splunk/${splunk_app_name}_ldap_base/local/authentication.conf"),
}
}
default: {
}
}
}
|