Puppet Class: ipa::validate_params

Defined in:
manifests/validate_params.pp

Overview

Validates input configs from init.pp.

Parameters:

  • admin_pass (String) (defaults to: $ipa::admin_password)
  • domain (String) (defaults to: $ipa::domain)
  • ds_password (String) (defaults to: $ipa::ds_password)
  • idstart (Integer) (defaults to: $ipa::idstart)
  • ipa_master (String) (defaults to: $ipa::ipa_master_fqdn)
  • ipa_realm (String) (defaults to: $ipa::final_realm)
  • ipa_role (String) (defaults to: $ipa::ipa_role)
  • join_password (Sensitive[String]) (defaults to: $ipa::final_domain_join_password) 


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'manifests/validate_params.pp', line 2

class ipa::validate_params (
  String             $admin_pass     = $ipa::admin_password,
  String             $domain         = $ipa::domain,
  String             $ds_password    = $ipa::ds_password,
  Integer            $idstart        = $ipa::idstart,
  String             $ipa_master     = $ipa::ipa_master_fqdn,
  String             $ipa_realm      = $ipa::final_realm,
  String             $ipa_role       = $ipa::ipa_role,
  Sensitive[String]  $join_password  = $ipa::final_domain_join_password,
) {

  case $ipa_role {
    'client': {}
    'master': {}
    'replica': {}
    default: {fail('The parameter ipa_role must be set to client, master, or replica.')}
  }

  if $idstart < 10000 {
    fail('Parameter "idstart" must be an integer greater than 10000.')
  }

  if ($domain !~ Stdlib::Fqdn) {
    fail("ipa::domain '${ipa::domain} is not a valid FQDN. We expect a match for Stdlib::Fqdn")
  }
  if ($ipa_realm !~ Stdlib::Fqdn) {
    fail("ipa::realm '${ipa_realm} is not a valid FQDN. We expect a match for Stdlib::Fqdn")
  }

  if $ipa_role == 'master' {
    if length($admin_pass) < 8 {
      fail('When ipa_role is set to master, the parameter admin_password must be populated and at least of length 8.')
    }

    if length($ds_password) < 8 {
      fail("\
    #When ipa_role is set to master, the parameter ds_password \
    #must be populated and at least of length 8."
      )
    }
  }

  if $ipa_role != 'master' { # if replica or client

    # TODO: validate_legacy
    if $ipa_master == ''{
      fail("When creating a ${ipa_role} the parameter named ipa_master_fqdn cannot be empty.")
    }

    if ($ipa_master !~ Stdlib::Fqdn) {
      fail("ipa::ipa_master_fqdn '${ipa_master} is not a valid FQDN. We expect a match for Stdlib::Fqdn")
    }

    if $join_password.unwrap == '' {
      fail("When creating a ${ipa_role} the parameter named domain_join_password cannot be empty.")
    }
  }
}