Puppet Class: splunk::auth

Defined in:
manifests/auth.pp

Overview

splunk::auth()

Creates the authentication.conf and authorize.conf files that configure user authentication and roles.

Parameters:

  • dir (Optional[String]) (defaults to: $splunk::dir)
  • user (Optional[String]) (defaults to: $splunk::user)
  • group (Optional[String]) (defaults to: $splunk::group)
  • authentication (Optional[String]) (defaults to: $splunk::authentication)
  • authconfig (Optional[Hash]) (defaults to: $splunk::authconfig)
  • roles (Optional[Tuple]) (defaults to: $splunk::roles)
  • body (Optional[String]) (defaults to: undef)


# File 'manifests/auth.pp', line 6

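# @summary Manages the Splunk authentication fragments under
#   etc/system/local/auth.d and, when roles are supplied, authorize.conf.
#
# Exactly one of the auth.d/ldap and auth.d/saml fragments is kept, selected by
# $authentication; the other one is removed so that a stale identity-provider
# configuration cannot survive a switch of authentication method.
#
# @param dir
#   Splunk installation directory; everything is managed below
#   "${dir}/etc/system/local".
# @param user
#   Owner of the managed directory and files.
# @param group
#   Group of the managed directory and files.
# @param authentication
#   'LDAP' or 'SAML' selects the matching fragment; any other value removes
#   both fragments.
# @param authconfig
#   Not referenced in this manifest; presumably read by the ldap/saml
#   templates through class scope -- TODO confirm.
# @param roles
#   When this is a Tuple, authorize.conf is rendered from authorize.conf.erb.
# @param body
#   Not referenced in this manifest -- NOTE(review): confirm whether a template
#   still reads it.
class splunk::auth(
  Optional[String] $dir            = $splunk::dir,
  Optional[String] $user           = $splunk::user,
  Optional[String] $group          = $splunk::group,
  Optional[String] $authentication = $splunk::authentication,
  Optional[Hash] $authconfig       = $splunk::authconfig,
  Optional[Tuple] $roles           = $splunk::roles,
  Optional[String] $body           = undef
) {

  $local = "${dir}/etc/system/local"

  # Fragment directory: readable by the Splunk user and group only.
  file { "${local}/auth.d":
    ensure => 'directory',
    mode   => '0750',
    owner  => $user,
    group  => $group,
  }

  # NOTE(review): the ldap/saml templates are not visible here. If they render
  # secrets from $authconfig (for example an LDAP bind password), consider
  # `show_diff => false` on the fragment resources so that the rendered content
  # is not written to agent logs and reports.
  if $authentication == 'LDAP' {
    $content = template("${module_name}/auth.d/ldap.erb")

    file { "${local}/auth.d/ldap":
      owner   => $user,
      group   => $group,
      mode    => '0600',
      content => $content,
      require => File["${local}/auth.d"],
      notify  => Exec['update-auth'],
    }

    # Remove a SAML fragment left over from an earlier configuration. The
    # refresh of Exec['update-auth'] (declared outside this class) presumably
    # rebuilds the effective configuration from auth.d -- confirm.
    file { "${local}/auth.d/saml":
      ensure => absent,
      notify => Exec['update-auth'],
    }
  } elsif $authentication == 'SAML' {
    $content = template("${module_name}/auth.d/saml.erb")

    file { "${local}/auth.d/saml":
      owner   => $user,
      group   => $group,
      mode    => '0600',
      content => $content,
      require => File["${local}/auth.d"],
      notify  => Exec['update-auth'],
    }

    # Remove an LDAP fragment left over from an earlier configuration and
    # refresh the exec so the removal takes effect.
    file { "${local}/auth.d/ldap":
      ensure => absent,
      notify => Exec['update-auth'],
    }
  } else {
    # Neither LDAP nor SAML is selected: remove both fragments.
    # NOTE(review): no notify here, because it is not visible from this class
    # whether Exec['update-auth'] is in the catalog for this case; if it is,
    # these removals should notify it as well.
    file { "${local}/auth.d/ldap":
      ensure => absent,
    }

    file { "${local}/auth.d/saml":
      ensure => absent,
    }
  }

  # Role definitions are managed only when $roles is a Tuple.
  # NOTE(review): when it is not, a previously deployed authorize.conf is left
  # in place unmanaged, so earlier role grants persist -- confirm this is
  # intended.
  if $roles.is_a(Tuple) {
    file { "${local}/authorize.conf":
      owner   => $user,
      group   => $group,
      mode    => '0440',
      content => template("${module_name}/authorize.conf.erb"),
      notify  => Service['splunk'],
    }
  }
}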