diff --git a/manifests/config.pp b/manifests/config.pp
index 3f5bc3cf..654304f0 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -92,9 +92,13 @@
 feature => 'Realm',
 listen_on => $::foreman_proxy::realm_listen_on,
 }
- foreman_proxy::settings_file { 'realm_freeipa':
- module => false,
+
+ if $foreman_proxy::realm_provider == 'freeipa' {
+ foreman_proxy::settings_file { 'realm_freeipa':
+ module => false,
+ }
 }
+
 foreman_proxy::settings_file { 'tftp':
 enabled => $::foreman_proxy::tftp,
 feature => 'TFTP',
diff --git a/manifests/init.pp b/manifests/init.pp
index 0c8ba5e6..4e8c635c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -253,6 +253,8 @@
 #
 # $realm_principal:: Kerberos principal for realm updates
 #
+# $ad_config:: Active Directory config to pass into plugin
+#
 # $freeipa_config:: Path to FreeIPA default.conf configuration file
 #
 # $freeipa_remove_dns:: Remove DNS entries from FreeIPA when deleting hosts from realm
@@ -418,6 +420,7 @@
 String $realm_provider = $::foreman_proxy::params::realm_provider,
 Stdlib::Absolutepath $realm_keytab = $::foreman_proxy::params::realm_keytab,
 String $realm_principal = $::foreman_proxy::params::realm_principal,
+ Optional[Foreman_proxy::AdConfig] $ad_config = $::foreman_proxy::params::ad_config,
 Stdlib::Absolutepath $freeipa_config = $::foreman_proxy::params::freeipa_config,
 Boolean $freeipa_remove_dns = $::foreman_proxy::params::freeipa_remove_dns,
 Variant[Undef, String[0], Stdlib::Absolutepath] $keyfile = $::foreman_proxy::params::keyfile,
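Review bot: In manifests/config.pp the new guard reads `$foreman_proxy::realm_provider`, while every neighbouring reference in the same hunk uses the top-scope form `$::foreman_proxy::…`; write it as `if $::foreman_proxy::realm_provider == 'freeipa' {` so the file stays consistent. Separately, a host that was previously configured with the freeipa provider keeps whatever realm_freeipa settings file was written earlier, because the resource simply drops out of the catalog instead of being marked absent; whether the proxy still reads that stale file is not visible here and should be confirmed. The enclosing class body starts and ends outside the hunk.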
@@ -436,6 +439,18 @@
 $real_registered_proxy_url = pick($registered_proxy_url, "https://${::fqdn}:${ssl_port}")
+ if $realm_provider == 'ad' {
+ class { '::foreman_proxy::plugin::realm::ad':
+ realm => $ad_config['realm'],
+ domain_controller => $ad_config['domain_controller'],
+ ou => $ad_config['ou'],
+ computername_prefix => $ad_config['computername_prefix'],
+ computername_hash => $ad_config['computername_hash'],
+ computername_use_fqdn => $ad_config['computername_use_fqdn'],
+ version => $ad_config['version'],
+ }
+ }
+
 # lint:ignore:spaceship_operator_without_tag
 class { '::foreman_proxy::install': }
 ~> class { '::foreman_proxy::config': }
diff --git a/manifests/params.pp b/manifests/params.pp
index 78968ef3..b7d434c4 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -348,6 +348,7 @@
 $realm_provider = 'freeipa'
 $realm_keytab = "${etc}/foreman-proxy/freeipa.keytab"
 $realm_principal = 'realm-proxy@EXAMPLE.COM'
+ $ad_config = undef
 $freeipa_config = '/etc/ipa/default.conf'
 $freeipa_remove_dns = true
diff --git a/spec/classes/foreman_proxy__spec.rb b/spec/classes/foreman_proxy__spec.rb
index 91e549fc..4165a29d 100644
--- a/spec/classes/foreman_proxy__spec.rb
+++ b/spec/classes/foreman_proxy__spec.rb
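Review bot: In the manifests/init.pp hunk, `realm_provider => 'ad'` combined with the default `$ad_config = undef` from params.pp makes every `$ad_config['…']` lookup index an undef value, so the catalog should fail with a generic operator error rather than a message naming the missing parameter. Put an explicit check at the top of the `if` block, for example `assert_type(Foreman_proxy::AdConfig, $ad_config)`, so the operator sees which parameter is required. The block also does not forward `realm_keytab` or `realm_principal`, and the params.pp default keytab path is still `freeipa.keytab`; presumably the AD provider picks these up from the shared realm settings, but it is worth confirming that an AD deployment does not silently point at a FreeIPA keytab and the `EXAMPLE.COM` principal. The class body continues outside the hunk.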
@@ -5,11 +5,28 @@
 context "on #{os}" do
 let(:facts) { facts }
- it 'should include classes' do
- should contain_class('foreman_proxy::install')
- should contain_class('foreman_proxy::config')
- should contain_class('foreman_proxy::service')
- should contain_class('foreman_proxy::register')
+ describe 'with defaults' do
+ it 'should include classes' do
+ should contain_class('foreman_proxy::install')
+ should contain_class('foreman_proxy::config')
+ should contain_class('foreman_proxy::service')
+ should contain_class('foreman_proxy::register')
+ end
+ end
+
+ describe 'with realm_provider => ad' do
+ let(:params) do
+ {
+ :realm_provider => 'ad',
+ :ad_config => {
+ 'realm' => 'EXAMPLE.COM',
+ 'domain_controller' => 'dc.example.com'
+ }
+ }
+ end
+ it 'should include ad realm' do
+ should contain_class('foreman_proxy::plugin::realm::ad')
+ end
 end
 end
 end
diff --git a/types/adconfig.pp b/types/adconfig.pp
new file mode 100644
index 00000000..35a49c96
--- /dev/null
+++ b/types/adconfig.pp
@@ -0,0 +1,9 @@
+type Foreman_proxy::AdConfig = Struct[{
+ Optional[computername_hash] => Boolean,
+ Optional[computername_prefix] => String[1],
+ Optional[computername_use_fqdn] => Boolean,
+ domain_controller => String[1],
+ Optional[ou] => String[1],
+ realm => String[1],
+ Optional[version] => String[1]
+}]
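Review bot: The new `with realm_provider => ad` example in spec/classes/foreman_proxy__spec.rb only asserts `contain_class('foreman_proxy::plugin::realm::ad')`, so it would still pass if the `ad_config` keys were mapped to the wrong class parameters. Tighten it to `should contain_class('foreman_proxy::plugin::realm::ad').with_realm('EXAMPLE.COM').with_domain_controller('dc.example.com')`. Two behaviours this commit introduces have no example at all: `realm_provider => 'ad'` without `ad_config` (which should be a compile failure), and the `realm_freeipa` settings file being left out of the catalog for a non-freeipa provider, e.g. `should_not contain_foreman_proxy__settings_file('realm_freeipa')`.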
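Review bot: `Foreman_proxy::AdConfig` in types/adconfig.pp has no comment describing its keys, and the `$ad_config` entry added to the init.pp parameter docs only says "Active Directory config to pass into plugin". Add a header comment to the type listing the required keys (`realm`, `domain_controller`) and the optional ones, with a one-line meaning for each, so users do not have to read the plugin class to build the hash. `domain_controller => String[1]` also accepts any non-empty string; if the stdlib version this module depends on provides it, a host type such as `Stdlib::Fqdn` would reject malformed values at compile time instead of writing them into the proxy configuration.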