|
45 | 45 | Integer $krb5_renew_interval = 0, |
46 | 46 | Optional[Enum['never','try','demand']] $krb5_use_fast = undef, |
47 | 47 | ) { |
| 48 | + # Build configuration content for the Kerberos provider |
| 49 | + $_content = [ |
| 50 | + '# sssd::provider::krb5', |
| 51 | + ] |
| 52 | + |
| 53 | + # Add conditional parameters if defined in the correct order |
| 54 | + if $debug_level { |
| 55 | + $_debug_level_entries = ["debug_level = ${debug_level}"] |
| 56 | + } else { |
| 57 | + $_debug_level_entries = [] |
| 58 | + } |
| 59 | + |
| 60 | + $_debug_timestamps_entries = $debug_timestamps ? { |
| 61 | + true => ['debug_timestamps = true'], |
| 62 | + false => ['debug_timestamps = false'], |
| 63 | + } |
| 64 | + |
| 65 | + $_debug_microseconds_entries = $debug_microseconds ? { |
| 66 | + true => ['debug_microseconds = true'], |
| 67 | + false => ['debug_microseconds = false'], |
| 68 | + } |
| 69 | + |
| 70 | + if $krb5_server { |
| 71 | + $_krb5_server_entries = ["krb5_server = ${krb5_server}"] |
| 72 | + } else { |
| 73 | + $_krb5_server_entries = [] |
| 74 | + } |
| 75 | + |
| 76 | + $_krb5_realm_entries = ["krb5_realm = ${krb5_realm}"] |
| 77 | + |
| 78 | + if $krb5_kpasswd { |
| 79 | + $_krb5_kpasswd_entries = ["krb5_kpasswd = ${krb5_kpasswd}"] |
| 80 | + } else { |
| 81 | + $_krb5_kpasswd_entries = [] |
| 82 | + } |
| 83 | + |
| 84 | + if $krb5_ccachedir { |
| 85 | + $_krb5_ccachedir_entries = ["krb5_ccachedir = ${krb5_ccachedir}"] |
| 86 | + } else { |
| 87 | + $_krb5_ccachedir_entries = [] |
| 88 | + } |
| 89 | + |
| 90 | + if $krb5_ccname_template { |
| 91 | + $_krb5_ccname_template_entries = ["krb5_ccname_template = ${krb5_ccname_template}"] |
| 92 | + } else { |
| 93 | + $_krb5_ccname_template_entries = [] |
| 94 | + } |
| 95 | + |
| 96 | + $_krb5_auth_timeout_entries = ["krb5_auth_timeout = ${krb5_auth_timeout}"] |
| 97 | + |
| 98 | + $_krb5_validate_entries = $krb5_validate ? { |
| 99 | + true => ['krb5_validate = true'], |
| 100 | + false => ['krb5_validate = false'], |
| 101 | + } |
| 102 | + |
| 103 | + if $krb5_keytab { |
| 104 | + $_krb5_keytab_entries = ["krb5_keytab = ${krb5_keytab}"] |
| 105 | + } else { |
| 106 | + $_krb5_keytab_entries = [] |
| 107 | + } |
| 108 | + |
| 109 | + $_krb5_store_password_if_offline_entries = $krb5_store_password_if_offline ? { |
| 110 | + true => ['krb5_store_password_if_offline = true'], |
| 111 | + false => ['krb5_store_password_if_offline = false'], |
| 112 | + } |
| 113 | + |
| 114 | + if $krb5_renewable_lifetime { |
| 115 | + $_krb5_renewable_lifetime_entries = ["krb5_renewable_lifetime = ${krb5_renewable_lifetime}"] |
| 116 | + } else { |
| 117 | + $_krb5_renewable_lifetime_entries = [] |
| 118 | + } |
| 119 | + |
| 120 | + if $krb5_lifetime { |
| 121 | + $_krb5_lifetime_entries = ["krb5_lifetime = ${krb5_lifetime}"] |
| 122 | + } else { |
| 123 | + $_krb5_lifetime_entries = [] |
| 124 | + } |
| 125 | + |
| 126 | + $_krb5_renew_interval_entries = ["krb5_renew_interval = ${krb5_renew_interval}"] |
| 127 | + |
| 128 | + if $krb5_use_fast { |
| 129 | + $_krb5_use_fast_entries = ["krb5_use_fast = ${krb5_use_fast}"] |
| 130 | + } else { |
| 131 | + $_krb5_use_fast_entries = [] |
| 132 | + } |
| 133 | + |
| 134 | + # Combine all configuration entries in the expected order |
| 135 | + $_all_entries = $_content + $_debug_level_entries + $_debug_timestamps_entries + $_debug_microseconds_entries + $_krb5_server_entries + $_krb5_realm_entries + $_krb5_kpasswd_entries + $_krb5_ccachedir_entries + $_krb5_ccname_template_entries + $_krb5_auth_timeout_entries + $_krb5_validate_entries + $_krb5_keytab_entries + $_krb5_store_password_if_offline_entries + $_krb5_renewable_lifetime_entries + $_krb5_lifetime_entries + $_krb5_renew_interval_entries + $_krb5_use_fast_entries |
| 136 | + |
| 137 | + $_final_content = $_all_entries.join("\n") |
| 138 | + |
48 | 139 | sssd::config::entry { "puppet_provider_${name}_krb5": |
49 | 140 | content => epp( |
50 | 141 | "${module_name}/provider/krb5", |
51 | 142 | { |
52 | | - 'domain' => $title, |
53 | | - 'krb5_server' => $krb5_server, |
54 | | - 'krb5_realm' => $krb5_realm, |
55 | | - 'debug_level' => $debug_level, |
56 | | - 'debug_timestamps' => $debug_timestamps, |
57 | | - 'debug_microseconds' => $debug_microseconds, |
58 | | - 'krb5_kpasswd' => $krb5_kpasswd, |
59 | | - 'krb5_ccachedir' => $krb5_ccachedir, |
60 | | - 'krb5_ccname_template' => $krb5_ccname_template, |
61 | | - 'krb5_auth_timeout' => $krb5_auth_timeout, |
62 | | - 'krb5_validate' => $krb5_validate, |
63 | | - 'krb5_keytab' => $krb5_keytab, |
64 | | - 'krb5_store_password_if_offline' => $krb5_store_password_if_offline, |
65 | | - 'krb5_renewable_lifetime' => $krb5_renewable_lifetime, |
66 | | - 'krb5_lifetime' => $krb5_lifetime, |
67 | | - 'krb5_renew_interval' => $krb5_renew_interval, |
68 | | - 'krb5_use_fast' => $krb5_use_fast, |
| 143 | + 'title' => "domain/${title}", |
| 144 | + 'content' => $_final_content, |
69 | 145 | }, |
70 | 146 | ), |
71 | 147 | } |
|
0 commit comments