Puppet Class: authselect

Defined in:
manifests/init.pp

Summary

Manage authselect's active profile

Overview

This will select the requested authselect profile

group: files systemd if “with-custom-group” netgroup: files if “with-custom-netgroup” automount: files if “with-custom-automount” services: files if “with-custom-services” sudoers: files if “with-sudo”‘

ensure: 'file'
owner: 'root'
group: 'root'
mode: '0664'

Examples:

Specifying a custom profile

authselect::profile: 'custom/custom_profile_name'

Specifying a vendor profile

authselect::profile: 'sssd'

Creating several profiles with different parameters

authselect::custom_profiles:
  'local_user_minimal':
    base_profile: 'minimal'
  'local_user_linked_nsswitch':
    symlink_nsswitch: true
  'local_user_custom_nsswitch':
    contents:
      'nsswitch.conf':
        content: 'passwd:     files systemd   {exclude if "with-custom-passwd"}

Parameters:

  • package_manage (Boolean)

    Should this class manage the authselect package(s)

  • package_ensure (String)

    Passed to ‘package` `ensure` for the authselect package(s)

  • package_names (Array[String[1], 1])

    Packages to manage in this class

  • profile_manage (Boolean)

    Should this class set the active profile

  • profile (String[1])

    Which authselect profile should be used. Note: If using a custom (non-vendor) profile you must prefix the name with ‘custom/’

  • profile_options (Array[String, 0])

    What options should we pass to authselect ie, what features should be enabled/disabled?

  • custom_profiles (Hash)

    Custom profiles to manage



44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'manifests/init.pp', line 44

class authselect (
  Boolean $package_manage,
  String  $package_ensure,
  Array[String[1], 1] $package_names,
  Boolean $profile_manage,
  String[1] $profile,
  Array[String, 0] $profile_options,
  Hash $custom_profiles,
) {
  if $package_manage {
    include 'authselect::package'
  }

  if $profile_manage and $package_ensure != 'absent' {
    include 'authselect::config'
  }

  $custom_profiles.each |$key, $value| {
    authselect::custom_profile { $key:
      * => $value,
    }
  }

  $_selected_profile = "${profile.split('/')[1]}"
  if $_selected_profile in $custom_profiles.keys and $profile_manage and $package_ensure != 'absent' {
    Authselect::Custom_profile[$_selected_profile] ~> Class['authselect::config']
  }
}