diff --git a/manifests/plugin/salt.pp b/manifests/plugin/salt.pp
index a86df178..3be54afc 100644
--- a/manifests/plugin/salt.pp
+++ b/manifests/plugin/salt.pp
@@ -22,6 +22,8 @@
 #
 # $api_password:: Salt API password
 #
+# $api_interfaces:: Salt API interfaces
+#
 # $saltfile:: Path to Saltfile
 #
 # === Advanced parameters:
@@ -42,6 +44,7 @@
 String $api_auth = $foreman_proxy::plugin::salt::params::api_auth,
 String $api_username = $foreman_proxy::plugin::salt::params::api_username,
 String $api_password = $foreman_proxy::plugin::salt::params::api_password,
+ Array[String] $api_interfaces = $foreman_proxy::plugin::salt::params::api_interfaces,
 Optional[Stdlib::Absolutepath] $saltfile = $foreman_proxy::plugin::salt::params::saltfile,
 ) inherits foreman_proxy::plugin::salt::params {
 $foreman_ssl_cert = pick($foreman_proxy::foreman_ssl_cert, $foreman_proxy::ssl_cert)
@@ -55,7 +58,7 @@
 ~> file { "${foreman_proxy::etc}/salt/master.d/foreman.conf":
 ensure => file,
 content => template('foreman_proxy/plugin/salt_master.conf.erb'),
- owner => 'root',
+ owner => pick($user, $foreman_proxy::user),
 group => pick($group, $foreman_proxy::user),
 mode => '0640',
 }
diff --git a/manifests/plugin/salt/params.pp b/manifests/plugin/salt/params.pp
index 7140e913..f3b22d07 100644
--- a/manifests/plugin/salt/params.pp
+++ b/manifests/plugin/salt/params.pp
@@ -15,5 +15,6 @@
 $api_auth = 'pam'
 $api_username = 'saltuser'
 $api_password = 'saltpassword'
+ $api_interfaces = ['runner']
 $saltfile = undef
 }
diff --git a/spec/classes/foreman_proxy__plugin__salt_spec.rb b/spec/classes/foreman_proxy__plugin__salt_spec.rb
index ab1b963e..e45af35e 100644
--- a/spec/classes/foreman_proxy__plugin__salt_spec.rb
+++ b/spec/classes/foreman_proxy__plugin__salt_spec.rb
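Review bot: The new doc line `# $api_interfaces:: Salt API interfaces` in the `@@ -22,6 +22,8 @@` hunk of manifests/plugin/salt.pp does not say what the values are, and "interfaces" reads like network bind addresses. Going by the template change in this same commit, the list is written out as `netapi_enable_clients` in master.d/foreman.conf, so every entry turns on one more Salt API client. I would word it as `# $api_interfaces:: Salt netapi clients to enable (rendered as netapi_enable_clients); keep to the minimum needed, e.g. ['runner']`. The parameter documentation block continues outside the hunk.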
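Review bot: `Array[String] $api_interfaces` in the `@@ -42,6 +44,7 @@` hunk of manifests/plugin/salt.pp accepts any string, and the loop added to templates/plugin/salt_master.conf.erb writes each element into the YAML unquoted with `- <%= api_item %>`. A value carrying a newline or `: ` would therefore add unintended keys to the Salt master configuration, and a misspelt client name would pass catalog compilation unnoticed. Constraining the type closes both at the class boundary, for example `Array[Enum['runner', 'local', 'ssh', 'wheel']] $api_interfaces = ...`, extended with whatever other client names the supported Salt versions accept. The class parameter list starts outside the hunk.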
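Review bot: Replacing `owner => 'root'` with `owner => pick($user, $foreman_proxy::user)` in the `@@ -55,7 +58,7 @@` hunk of manifests/plugin/salt.pp gives the service account write access to master.d/foreman.conf, because mode `0640` grants write to the owner. Judging by the spec assertions in this commit that file carries `external_auth`, `netapi_enable_clients` and the autosign settings, so whoever controls that account (or the proxy user, through the fallback) could change who may call the Salt API. If the goal is only that a non-root master can read its own config, I would keep `owner => 'root',` and grant read access through `group` instead. The fallback also disagrees with the template, which renders `user:` from `$user` alone. The file resource sits in a class body that starts and ends outside the hunk.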
@@ -18,6 +18,18 @@ :content => /:enabled: https/ }) end + + it 'should configure master.d/foreman.conf' do + should contain_file('/etc/salt/master.d/foreman.conf'). + with_mode('0640'). + with_owner('root'). + with_group('foreman-proxy'). + with_content(%r{user: root}). + with_content(%r{autosign_grains_dir: /var/lib/foreman-proxy/salt/grains}). + with_content(%r{autosign_file: /etc/salt/autosign.conf}). + with_content(%r{netapi_enable_clients:\n - runner}). + with_content(%r{external_auth:\n pam:\n saltuser:\n - '@runner'}) + end end describe 'with overwritten parameters' do @@ -30,6 +42,7 @@ :api_auth => 'ldap', :api_username => 'saltapi', :api_password => 'letmein', + :api_interfaces => ['runner', 'local', 'ssh', 'wheel'], :saltfile => '/etc/salt/Saltfile', } end @@ -45,6 +58,18 @@ with_content(%r{:api_password: letmein}). with_content(%r{:saltfile: /etc/salt/Saltfile}) end + + it 'should change master.d/foreman.conf parameters' do + should contain_file('/etc/salt/master.d/foreman.conf'). + with_mode('0640'). + with_owner('example'). + with_group('foreman-proxy'). + with_content(%r{user: example}). + with_content(%r{autosign_grains_dir: /var/lib/foreman-proxy/salt/grains}). + with_content(%r{autosign_file: /etc/salt/example.conf}). + with_content(%r{netapi_enable_clients:\n - runner\n - local\n - ssh\n - wheel}). + with_content(%r{external_auth:\n ldap:\n saltapi:\n - '@runner'}) + end end end end diff --git a/templates/plugin/salt_master.conf.erb b/templates/plugin/salt_master.conf.erb index 89e2ba65..d2270e95 100644 --- a/templates/plugin/salt_master.conf.erb +++ b/templates/plugin/salt_master.conf.erb @@ -15,6 +15,11 @@ autosign_file: <%= scope.lookupvar('foreman_proxy::plugin::salt::autosign_file') # permissive_pki_access: True +## +# Salt Master service user +user: <%= scope.lookupvar('::foreman_proxy::plugin::salt::user') %> + + ## # Node classifier master_tops: 
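Review bot: The added `user: <%= scope.lookupvar('::foreman_proxy::plugin::salt::user') %>` in the `@@ -15,6 +15,11 @@` hunk of templates/plugin/salt_master.conf.erb is rendered unconditionally, while the manifest in this commit allows for an unset value with `pick($user, $foreman_proxy::user)`. If `$user` can indeed be undef, the file would contain a bare `user:` and the account the master runs as would be left to Salt rather than to this module. I would emit the setting only when it is set, `<% if @user -%>` / `user: <%= @user %>` / `<% end -%>`, which also matches the `@foreman_ssl_key` style used further down instead of the one lookup with a leading `::`. Neither spec example in this commit covers the unset case.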
@@ -39,6 +44,13 @@ rest_cherrypy: ssl_key: <%= @foreman_ssl_key %> ssl_crt: <%= @foreman_ssl_cert %> +<% if scope.lookupvar('foreman_proxy::plugin::salt::api_interfaces').any? -%> +netapi_enable_clients: + <%- scope.lookupvar('foreman_proxy::plugin::salt::api_interfaces').each do |api_item| -%> + - <%= api_item %> + <%- end -%> +<% end -%> + ## # Remote execution provider