From 4c2be74083287516b72ab4f3ccaaf317ea7a2eb0 Mon Sep 17 00:00:00 2001
From: Nick Walker <nick.walker@puppetlabs.com>
Date: Wed, 11 Nov 2015 13:41:34 -0800
Subject: Add support for code manager which will replace zack r10k

Add pltraing-rbac module
Added a new profile for code_manager that:
 - creates a service users for code manager
 - creates a token for that service user
 - creates a hook on a git server using the token

Turns out that the file function in puppet cannot read files in
/root.  The pe-puppet user needs read permissions on the file
and traversal on the directory which giving to /root would
probably be a bad idea.  So, I just put the file containing
the token in /etc/puppetlabs/puppetserver since I'm not sure
where would be better.
---
 site/profile/templates/code_manager/create_rbac_token.epp | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 site/profile/templates/code_manager/create_rbac_token.epp

(limited to 'site/profile/templates')

diff --git a/site/profile/templates/code_manager/create_rbac_token.epp b/site/profile/templates/code_manager/create_rbac_token.epp
new file mode 100644
index 0000000..31bf00f
--- /dev/null
+++ b/site/profile/templates/code_manager/create_rbac_token.epp
@@ -0,0 +1,7 @@
+<%- | String  $code_manager_service_user,
+      String  $code_manager_service_user_password,
+      String  $classifier_hostname,
+      Integer $classifier_port,
+      String  $token_filename
+| -%>
+/opt/puppetlabs/puppet/bin/curl -k -X POST -H 'Content-Type: application/json' -d '{"login": "<%= $code_manager_service_user %>", "password": "<%= $code_manager_service_user_password %>", "lifetime": "0"}' https://<%= $classifier_hostname %>:<%= $classifier_port %>/rbac-api/v1/auth/token >> <%= $token_filename %>
-- 
cgit v1.2.3