Puppet Class: rundeck::config::global::web

Inherits:
rundeck::params
Defined in:
manifests/config/global/web.pp

Overview

Author

Wil Cooley <wcooley(at)nakedape.cc>

License

MIT

Class: rundeck::config::global::web

Manage the application’s web.xml.

Currently only manages the <security-role> required for any user to login and session timout: rundeck.org/docs/administration/authenticating-users.html#security-role rundeck.org/docs/administration/configuration-file-reference.html#session-timeout

Parameters

security_role

Name of role that is required for all users to be allowed access.

session_timeout

Session timeout is an expired time limit for a logged in Rundeck GUI user which as been inactive for a period of time.

security_roles_array_enabled

Boolen value if you want to have more roles in web.xml

security_roles_array

Array value if you set the value ‘security_roles_array_enabled’ to true.

Parameters:

  • security_role (String[1]) (defaults to: $rundeck::params::security_role)
  • session_timeout (Integer[0]) (defaults to: $rundeck::params::session_timeout)
  • security_roles_array_enabled (Boolean) (defaults to: $rundeck::params::security_roles_array_enabled)
  • security_roles_array (Array) (defaults to: $rundeck::params::security_roles_array) 


26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'manifests/config/global/web.pp', line 26

class rundeck::config::global::web (
  String[1] $security_role = $rundeck::params::security_role,
  Integer[0] $session_timeout = $rundeck::params::session_timeout,
  Boolean $security_roles_array_enabled = $rundeck::params::security_roles_array_enabled,
  Array $security_roles_array = $rundeck::params::security_roles_array,
) inherits rundeck::params {
  if $security_roles_array_enabled {
    rundeck::config::securityroles { $security_roles_array: }
  }
  else {
    augeas { 'rundeck/web.xml/security-role/role-name':
      lens    => 'Xml.lns',
      incl    => $rundeck::params::web_xml,
      changes => ["set web-app/security-role/role-name/#text '${security_role}'"],
    }
  }

  augeas { 'rundeck/web.xml/session-config/session-timeout':
    lens    => 'Xml.lns',
    incl    => $rundeck::params::web_xml,
    changes => ["set web-app/session-config/session-timeout/#text '${session_timeout}'"],
  }

  if $rundeck::preauthenticated_config['enabled'] {
    augeas { 'rundeck/web.xml/security-constraint/auth-constraint':
      lens    => 'Xml.lns',
      incl    => $rundeck::params::web_xml,
      changes => ['rm web-app/security-constraint/auth-constraint'],
    }
  }
  else {
    augeas { 'rundeck/web.xml/security-constraint/auth-constraint/role-name':
      lens    => 'Xml.lns',
      incl    => $rundeck::params::web_xml,
      changes => ["set web-app/security-constraint[last()+1]/auth-constraint/role-name/#text '*'"],
      onlyif  => 'match web-app/security-constraint/auth-constraint/role-name size == 0',
    }
  }
}