From 09cf733d176bcd7971c086f790683f25d27257d5 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Thu, 14 Dec 2023 13:42:55 +0000 Subject: [PATCH 01/15] puppet8 support --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 249fd2c..8f0159f 100644 --- a/metadata.json +++ b/metadata.json @@ -56,7 +56,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.7.0 < 8.0.0" + "version_requirement": ">= 4.7.0 < 9.0.0" } ], "source": "https://github.com/ccin2p3/puppet-mit_krb5.git", From cb796bf1500b038a39a933d8e95e5a968bc51bf2 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Thu, 14 Dec 2023 14:02:27 +0000 Subject: [PATCH 02/15] puppet8 support --- manifests/appdefaults.pp | 35 +++++--- manifests/capaths.pp | 2 +- manifests/config/etc_services.pp | 5 +- manifests/dbmodules.pp | 48 +++++------ manifests/domain_realm.pp | 16 ++-- manifests/init.pp | 132 +++++++++++++++++-------------- manifests/install.pp | 8 +- manifests/logging.pp | 13 ++- manifests/plugins.pp | 54 +++---------- manifests/realm.pp | 45 ++++++----- 10 files changed, 173 insertions(+), 185 deletions(-) diff --git a/manifests/appdefaults.pp b/manifests/appdefaults.pp index b3ec52c..80a377d 100644 --- a/manifests/appdefaults.pp +++ b/manifests/appdefaults.pp 
@@ -12,20 +12,31 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # - -define mit_krb5::appdefaults( - $debug = '', - $ticket_lifetime = '', - $renew_lifetime = '', - $forwardable = '', - $krb4_convert = '', - $ignore_afs = '', +# @param debug +# +# @param ticket_lifetime +# +# @param renew_lifetime +# +# @param forwardable +# +# @param krb4_convert +# +# @param ignore_afs +# +define mit_krb5::appdefaults ( + Optional[String] $debug = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[String] $forwardable = undef, + Optional[String] $krb4_convert = undef, + Optional[String] $ignore_afs = undef, ) { include mit_krb5 ensure_resource('concat::fragment', 'mit_krb5::appdefaults_header', { - target => $mit_krb5::krb5_conf_path, - order => '50appdefauls_header', - content => "\n[appdefaults]", + target => $mit_krb5::krb5_conf_path, + order => '50appdefauls_header', + content => "\n[appdefaults]", }) concat::fragment { "mit_krb5::appdefaults::${title}": target => $mit_krb5::krb5_conf_path, @@ -33,5 +44,3 @@ content => template('mit_krb5/appdefaults.erb'), } } - - diff --git a/manifests/capaths.pp b/manifests/capaths.pp index b55e241..ba9a156 100644 --- a/manifests/capaths.pp +++ b/manifests/capaths.pp @@ -11,6 +11,6 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::capaths() { +define mit_krb5::capaths () { fail('PLACEHOLDER: Not yet implemented') } diff --git a/manifests/config/etc_services.pp b/manifests/config/etc_services.pp index ee6d11c..2d6ef98 100644 --- a/manifests/config/etc_services.pp +++ b/manifests/config/etc_services.pp @@ -1,6 +1,5 @@ # class mit_krb5::config::etc_services { - $protocols = { 'tcp' => 88, 'udp' => 88, 
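Review bot: The new `mit_krb5::appdefaults` signature changes every default from `''` to `undef` and restricts every parameter to `Optional[String]`, but `templates/appdefaults.erb` is not part of this commit (the diffstat lists only manifests), so any template test written against empty strings needs to be re-checked before merge. `debug`, `forwardable`, `krb4_convert` and `ignore_afs` look like yes/no settings, and the previously untyped parameters accepted a Boolean; `Optional[Variant[Boolean, String]] $forwardable = undef,` would keep such callers compiling. The six added `# @param` tags carry no description and should each say what the setting controls. The same default and type change is made in dbmodules.pp, init.pp, logging.pp, plugins.pp and realm.pp, and the whole commit recurs as PATCH 06/15.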
@@ -8,8 +7,8 @@ ::etc_services { 'kerberos': protocols => $protocols, - aliases => [ 'kerberos5', 'krb5', 'kerberos-sec' ], - comment => 'Kerberos v5' + aliases => ['kerberos5', 'krb5', 'kerberos-sec'], + comment => 'Kerberos v5', } } diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index a6b48b0..f6704e2 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp @@ -16,15 +16,15 @@ # value should be db2 for the DB2 module and kldap for the LDAP module. # # [*disable_last_success*] -# If set to true, suppresses KDC updates to the “Last successful -# authentication” field of principal entries requiring preauthentication. +# If set to true, suppresses KDC updates to the “Last successful +# authenticationâ€� field of principal entries requiring preauthentication. # Setting this flag may improve performance. (Principal entries which do not -# require preauthentication never update the “Last successful authentication” +# require preauthentication never update the “Last successful authenticationâ€� # field.). First introduced in release 1.9. # # [*disable_lockout*] -# If set to true, suppresses KDC updates to the “Last failed authentication” -# and “Failed password attempts” fields of principal entries requiring +# If set to true, suppresses KDC updates to the “Last failed authenticationâ€� +# and “Failed password attemptsâ€� fields of principal entries requiring # preauthentication. Setting this flag may improve performance, but also # disables account lockout. First introduced in release 1.9. # 
@@ -84,31 +84,31 @@ # Copyright 2016 Modestas Vainius. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::dbmodules( - String $realm = $title, - $database_name = '', - $db_library = '', - $disable_last_success = '', - $disable_lockout = '', - $ldap_cert_path = '', - $ldap_conns_per_server = '', - $ldap_kadmind_dn = '', - $ldap_kdc_dn = '', - $ldap_kerberos_container_dn = '', - $ldap_servers = '', - $ldap_service_password_file = '', +define mit_krb5::dbmodules ( + String $realm = $title, + Optional[String] $database_name = undef, + Optional[String] $db_library = undef, + Optional[Boolean] $disable_last_success = undef, + Optional[Boolean] $disable_lockout = undef, + Optional[String] $ldap_cert_path = undef, + Optional[String] $ldap_conns_per_server = undef, + Optional[String] $ldap_kadmind_dn = undef, + Optional[String] $ldap_kdc_dn = undef, + Optional[String] $ldap_kerberos_container_dn = undef, + Optional[String] $ldap_servers = undef, + Optional[String] $ldap_service_password_file = undef, ) { include mit_krb5 ensure_resource('concat::fragment', 'mit_krb5::dbmodules_header', { - target => $mit_krb5::krb5_conf_path, - order => '30dbmodules_header', - content => "\n[dbmodules]\n", + target => $mit_krb5::krb5_conf_path, + order => '30dbmodules_header', + content => "\n[dbmodules]\n", }) if (! empty($mit_krb5::db_module_dir)) { ensure_resource('concat::fragment', 'mit_krb5::dbmodules_db_module_dir', { - target => $mit_krb5::krb5_conf_path, - order => '31dbmodules_db_module_dir', - content => " db_module_dir = ${mit_krb5::db_module_dir}\n", + target => $mit_krb5::krb5_conf_path, + order => '31dbmodules_db_module_dir', + content => " db_module_dir = ${mit_krb5::db_module_dir}\n", }) } concat::fragment { "mit_krb5::dbmodules::${realm}": diff --git a/manifests/domain_realm.pp b/manifests/domain_realm.pp index a015186..cd6e865 100644 --- a/manifests/domain_realm.pp +++ b/manifests/domain_realm.pp 
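Review bot: The unchanged guard `if (! empty($mit_krb5::db_module_dir))` in this hunk now receives `undef` instead of `''`, because init.pp retypes that parameter as `Optional[String] ... = undef`. Whether `empty()` still accepts `undef` should be confirmed for the Puppet and stdlib versions being targeted; an explicit test such as `if $mit_krb5::db_module_dir =~ String[1] {` avoids the question. `ldap_conns_per_server` is typed `Optional[String]`, which rejects the Integer that the untyped parameter accepted; `Optional[Variant[Integer, String]]` would stay compatible. `disable_lockout` turns account lockout off, so its doc entry should state what an unset value renders, presumably nothing, but dbmodules.erb is outside this diff. The define's body continues past the hunk.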
@@ -31,17 +31,17 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::domain_realm( +define mit_krb5::domain_realm ( Array[String] $domains, String $realm = $title, ) { - include ::mit_krb5 + include mit_krb5 if count($domains) > 0 { ensure_resource('concat::fragment', 'mit_krb5::domain_realm_header', { - target => $mit_krb5::krb5_conf_path, - order => '20domain_realm_header', - content => "[domain_realm]\n", + target => $mit_krb5::krb5_conf_path, + order => '20domain_realm_header', + content => "[domain_realm]\n", }) concat::fragment { "mit_krb5::domain_realm::${title}": target => $mit_krb5::krb5_conf_path, @@ -49,9 +49,9 @@ content => template('mit_krb5/domain_realm.erb'), } ensure_resource('concat::fragment', 'mit_krb5::domain_realm_trailer', { - target => $mit_krb5::krb5_conf_path, - order => '22domain_realm_trailer', - content => "\n", + target => $mit_krb5::krb5_conf_path, + order => '22domain_realm_trailer', + content => "\n", }) } } diff --git a/manifests/init.pp b/manifests/init.pp index 6e7f422..376553b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -226,6 +226,20 @@ # [*krb5_conf_mode*] # File mode for krb5.conf. (Default: 0444) # +# [*alter_etc_services*] +# +# [*domain_realms*] +# +# [*capaths*] +# +# [*appdefaults*] +# +# [*realms*] +# +# [*dbmodules*] +# +# [*krb5_conf_warn*] +# # === Examples # # class { 'mit_krb5': 
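Review bot: The seven entries added to the init.pp parameter docs (`alter_etc_services`, `domain_realms`, `capaths`, `appdefaults`, `realms`, `dbmodules`, `krb5_conf_warn`) have a heading but no description. Each needs at least one line, for example `#   Hash of mit_krb5::realm resources to declare.` under `[*realms*]`, since the class passes `$realms` to `create_resources('mit_krb5::realm', ...)`. `alter_etc_services` should say that setting it to true declares `mit_krb5::config::etc_services`.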
@@ -241,57 +255,57 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -class mit_krb5( - String $default_realm = '', - String $default_keytab_name = '', - $default_tgs_enctypes = [], - $default_tkt_enctypes = [], - String $default_ccache_name = '', - $permitted_enctypes = [], - $allow_weak_crypto = '', - String $clockskew = '', - $ignore_acceptor_hostname = '', - $k5login_authoritative = '', - String $k5login_directory = '', - String $kdc_timesync = '', - String $kdc_req_checksum_type = '', - String $ap_req_checksum_type = '', - String $safe_checksum_type = '', - String $preferred_preauth_types = '', - String $ccache_type = '', - $canonicalize = '', - $dns_canonicalize_hostname = '', - $dns_lookup_kdc = '', - $dns_lookup_realm = '', - $dns_fallback = '', - String $realm_try_domains = '', - $extra_addresses = [], - String $udp_preference_limit = '', - $verify_ap_req_nofail = '', - String $ticket_lifetime = '', - String $renew_lifetime = '', - $noaddresses = '', - $forwardable = '', - $proxiable = '', - $rdns = '', - $pkinit_anchors = '', - $spake_preauth_groups = '', - String $plugin_base_dir = '', - $include = '', - $includedir = '', - $module = '', - String $db_module_dir = '', - String $krb5_conf_path = '/etc/krb5.conf', - String $krb5_conf_owner = 'root', - String $krb5_conf_group = 'root', - String $krb5_conf_mode = '0444', - Boolean $alter_etc_services = false, - Boolean $krb5_conf_warn = true, - Hash $domain_realms = {}, - Hash $capaths = {}, - Hash $appdefaults = {}, - Hash $realms = {}, - Hash $dbmodules = {} +class mit_krb5 ( + Optional[String] $default_realm = undef, + Optional[String] $default_keytab_name = undef, + Array $default_tgs_enctypes = [], + Array $default_tkt_enctypes = [], + Optional[String] $default_ccache_name = undef, + Array $permitted_enctypes = [], + Optional[Boolean] $allow_weak_crypto = undef, + Optional[String] $clockskew = undef, + Optional[String] $ignore_acceptor_hostname = undef, + 
Optional[String] $k5login_authoritative = undef, + Optional[String] $k5login_directory = undef, + Optional[String] $kdc_timesync = undef, + Optional[String] $kdc_req_checksum_type = undef, + Optional[String] $ap_req_checksum_type = undef, + Optional[String] $safe_checksum_type = undef, + Optional[String] $preferred_preauth_types = undef, + Optional[String] $ccache_type = undef, + Optional[String] $canonicalize = undef, + Optional[Boolean] $dns_canonicalize_hostname = undef, + Optional[Boolean] $dns_lookup_kdc = undef, + Optional[Boolean] $dns_lookup_realm = undef, + Optional[Boolean] $dns_fallback = undef, + Optional[String] $realm_try_domains = undef, + Array $extra_addresses = [], + Optional[String] $udp_preference_limit = undef, + Optional[Boolean] $verify_ap_req_nofail = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[Boolean] $noaddresses = undef, + Optional[Boolean] $forwardable = undef, + Optional[Boolean] $proxiable = undef, + Optional[Boolean] $rdns = undef, + Optional[String] $pkinit_anchors = undef, + Optional[String] $spake_preauth_groups = undef, + Optional[String] $plugin_base_dir = undef, + Optional[String] $include = undef, + Optional[String] $includedir = undef, + Optional[String] $module = undef, + Optional[String] $db_module_dir = undef, + String $krb5_conf_path = '/etc/krb5.conf', + String $krb5_conf_owner = 'root', + String $krb5_conf_group = 'root', + String $krb5_conf_mode = '0444', + Boolean $alter_etc_services = false, + Boolean $krb5_conf_warn = true, + Hash $domain_realms = {}, + Hash $capaths = {}, + Hash $appdefaults = {}, + Hash $realms = {}, + Hash $dbmodules = {}, ) { # SECTION: Parameter validation { # Boolean-type parameters are not type-validated at this time. 
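Review bot: `ignore_acceptor_hostname`, `k5login_authoritative` and `canonicalize` are typed `Optional[String]` while the sibling on/off settings (`allow_weak_crypto`, `dns_lookup_kdc`, `rdns`, `forwardable`, ...) become `Optional[Boolean]`; these three were untyped like the others before, so the split looks accidental. The strict `Optional[Boolean]` also rejects string values such as `'true'` that the untyped parameters accepted, which can break existing Hiera data; `Optional[Variant[Boolean, String]]` would be a compatible choice for all of them. The context comment `# Boolean-type parameters are not type-validated at this time.` directly after the signature is now stale and should be updated. The enctype lists are typed as bare `Array`; `Array[String] $permitted_enctypes = [],` would catch malformed entries at compile time.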
@@ -305,13 +319,11 @@ # END Parameter validation } # SECTION: Resource creation { - anchor { 'mit_krb5::begin': } - - class { '::mit_krb5::install': } + contain 'mit_krb5::install' if ($alter_etc_services == true) { - class { '::mit_krb5::config::etc_services': - require => Class['::mit_krb5::install'] + class { 'mit_krb5::config::etc_services': + require => Class['mit_krb5::install'], } } @@ -319,7 +331,7 @@ owner => $krb5_conf_owner, group => $krb5_conf_group, mode => $krb5_conf_mode, - warn => $krb5_conf_warn + warn => $krb5_conf_warn, } concat::fragment { 'mit_krb5::header': target => $krb5_conf_path, @@ -339,13 +351,11 @@ create_resources('mit_krb5::realm', $realms) create_resources('mit_krb5::dbmodules', $dbmodules) - anchor { 'mit_krb5::end': } # END Resource creation } # SECTION: Resource ordering { - Anchor['mit_krb5::begin'] - -> Class['mit_krb5::install'] + contain 'mit_krb5::install' + Class['mit_krb5::install'] -> Concat[$krb5_conf_path] - -> Anchor['mit_krb5::end'] # END Resource ordering } } diff --git a/manifests/install.pp b/manifests/install.pp index 56b6d4f..fe69d51 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -11,7 +11,11 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -class mit_krb5::install($packages = undef) { +# @param packages +# +class mit_krb5::install ( + Optional[String] $packages = undef, +) { if $packages { if is_array($packages) { $install = flatten($packages) @@ -20,7 +24,7 @@ } } else { # OS-specific defaults - $install = $::osfamily ? { + $install = $facts['os']['family'] ? { 'Archlinux' => ['krb5'], 'Debian' => ['krb5-user'], 'Gentoo' => ['mit-krb5'], diff --git a/manifests/logging.pp b/manifests/logging.pp index 5eb6f22..80cd780 100644 --- a/manifests/logging.pp +++ b/manifests/logging.pp 
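Review bot: `contain 'mit_krb5::install'` is added twice in init.pp, once under "Resource creation" and again under "Resource ordering"; the second is redundant and can be dropped, leaving only `Class['mit_krb5::install'] -> Concat[$krb5_conf_path]` in the ordering section. Since `$alter_etc_services` is typed `Boolean`, the condition can be written `if $alter_etc_services {`. `mit_krb5::config::etc_services` is still declared with `class { ... }` and is not contained; if outside resources order against `Class['mit_krb5']`, it may need `contain` as well.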
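Review bot: `Optional[String] $packages` in install.pp rejects an Array, yet the body directly below still branches on `is_array($packages)` and calls `flatten($packages)`. That branch is now unreachable, and a caller that passes a package list fails at catalog compilation. The parameter should be `Optional[Variant[String, Array[String]]] $packages = undef,`, and the test can be written `$packages =~ Array` to avoid the legacy stdlib `is_array()` helper. The added `# @param packages` tag has no description. The same signature appears again in PATCH 06/15.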
@@ -40,14 +40,13 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -class mit_krb5::logging( - $default = '', - $admin_server = '', - $kdc = '', - $defaults = '', +class mit_krb5::logging ( + Optional[String] $default = undef, + Optional[String] $admin_server = undef, + Optional[String] $kdc = undef, + Optional[String] $defaults = undef, ) { - - include ::mit_krb5 + include mit_krb5 concat::fragment { 'mit_krb5::logging': target => $mit_krb5::krb5_conf_path, diff --git a/manifests/plugins.pp b/manifests/plugins.pp index 99b1d29..18c9bd0 100644 --- a/manifests/plugins.pp +++ b/manifests/plugins.pp @@ -2,37 +2,6 @@ # # Configure plugins section of krb5.conf # -# === Possible subsections (resource titles) -# -# [*ccselect*] -# The ccselect subsection controls modules for credential cache selection -# within a cache collection. -# -# [*pwqual*] -# The pwqual subsection controls modules for the password quality interface. -# -# [*kadm5_hook*] -# The kadm5_hook interface provides plugins with information on -# principal creation, modification, password changes and deletion. -# -# [*clpreauth*] -# The clpreauth interface allows plugin modules to provide -# client preauthentication mechanisms. -# -# [*kdcpreauth*] -# The kdcpreauth interface allows plugin modules to provide -# KDC preauthentication mechanisms. -# -# [*hostrealm*] -# The hostrealm section controls modules for the host-to-realm interface, -# which affects the local mapping of hostnames to realm names and -# the choice of default realm. -# -# [*localauth*] -# The localauth section controls modules for the local authorization -# interface, which affects the relationship between Kerberos principals -# and local system accounts. -# # === Parameters # # [*disable*] 
@@ -70,13 +39,12 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::plugins( - $disable = undef, - $enable_only = undef, - $module = undef, +define mit_krb5::plugins ( + Optional[String] $disable = undef, + Optional[String] $enable_only = undef, + Optional[String] $module = undef, ) { - - include ::mit_krb5 + include mit_krb5 $interfaces = [ 'ccselect', @@ -92,9 +60,9 @@ } ensure_resource('concat::fragment', 'mit_krb5::plugins_header', { - target => $mit_krb5::krb5_conf_path, - order => '40plugins_header', - content => "[plugins]\n", + target => $mit_krb5::krb5_conf_path, + order => '40plugins_header', + content => "[plugins]\n", }) concat::fragment { "mit_krb5::plugins::${title}": target => $mit_krb5::krb5_conf_path, @@ -102,8 +70,8 @@ content => template('mit_krb5/plugins.erb'), } ensure_resource('concat::fragment', 'mit_krb5::plugins_trailer', { - target => $mit_krb5::krb5_conf_path, - order => '42plugins_trailer', - content => "\n", + target => $mit_krb5::krb5_conf_path, + order => '42plugins_trailer', + content => "\n", }) } diff --git a/manifests/realm.pp b/manifests/realm.pp index b37353b..eb979a5 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp @@ -18,7 +18,7 @@ # [*master_kdc*] # Identifies the master KDC(s). Currently, this tag is used in only one case: # If an attempt to get credentials fails because of an invalid password, the -# client software will attempt to contact the master KDC, in case the user’s +# client software will attempt to contact the master KDC, in case the user’s # password has just been changed, and the updated database has not been # propagated to the slave servers yet. # @@ -60,7 +60,7 @@ # TEST4 = host2 # } # } -# +# # [*auth_to_local_names*] # This subsection allows you to set explicit mappings from principal names to # local user names. The tag is the mapping name, and the value is the 
@@ -115,30 +115,29 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::realm( - $kdc = '', - $master_kdc = '', - $admin_server = '', - $database_module = '', - $default_domain = '', - $v4_instance_convert = '', - $v4_realm = '', - $auth_to_local_names = '', - $auth_to_local = '', - $kpasswd_server = '', - $v4_realm_convert = '', - $pkinit_anchors = '', - $pkinit_pool = '', - Boolean $rotate_servers = false, - $http_anchors = '', +define mit_krb5::realm ( + Optional[Array] $kdc = undef, + Optional[String] $master_kdc = undef, + Optional[Array] $admin_server = undef, + Optional[String] $database_module = undef, + Optional[String] $default_domain = undef, + Optional[String] $v4_instance_convert = undef, + Optional[String] $v4_realm = undef, + Optional[String] $auth_to_local_names = undef, + Optional[String] $auth_to_local = undef, + Optional[String] $kpasswd_server = undef, + Array $v4_realm_convert = [], + Optional[String] $pkinit_anchors = undef, + Optional[String] $pkinit_pool = undef, + Boolean $rotate_servers = false, + Optional[String] $http_anchors = undef, ) { - - include ::mit_krb5 + include mit_krb5 ensure_resource('concat::fragment', 'mit_krb5::realm_header', { - target => $mit_krb5::krb5_conf_path, - order => '10realm_header', - content => "[realms]\n", + target => $mit_krb5::krb5_conf_path, + order => '10realm_header', + content => "[realms]\n", }) concat::fragment { "mit_krb5::realm::${title}": target => $mit_krb5::krb5_conf_path, From 15cc7b86f4670ace041a377cf7d92a02200c54a9 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:52:24 +0200 Subject: [PATCH 03/15] Update dbmodules.pp --- manifests/dbmodules.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index f6704e2..d2be010 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp 
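Review bot: Several new types in `mit_krb5::realm` look narrower than the values the header documents. `auth_to_local_names` is described as a subsection of principal-to-user mappings but is typed `Optional[String]`, and `kdc` / `admin_server` become `Optional[Array]`, which rejects the single-string form the untyped parameters accepted. Because `auth_to_local` and `auth_to_local_names` decide which local account a principal maps to, a value that fails to compile or renders differently here deserves a spec test. Types such as `Optional[Variant[String, Array[String]]] $kdc = undef,` and `Optional[Hash[String, String]] $auth_to_local_names = undef,` would match the docs, assuming realm.erb (outside this diff) handles both shapes. The define's body continues past the hunk, and realm.pp is changed the same way in PATCH 06/15.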
@@ -16,15 +16,15 @@ # value should be db2 for the DB2 module and kldap for the LDAP module. # # [*disable_last_success*] -# If set to true, suppresses KDC updates to the “Last successful -# authenticationâ€� field of principal entries requiring preauthentication. +# If set to true, suppresses KDC updates to the “Last successful +# authentication” field of principal entries requiring preauthentication. # Setting this flag may improve performance. (Principal entries which do not -# require preauthentication never update the “Last successful authenticationâ€� +# require preauthentication never update the “Last successful authentication” # field.). First introduced in release 1.9. # # [*disable_lockout*] -# If set to true, suppresses KDC updates to the “Last failed authenticationâ€� -# and “Failed password attemptsâ€� fields of principal entries requiring +# If set to true, suppresses KDC updates to the “Last failed authentication” +# and “Failed password attempts” fields of principal entries requiring # preauthentication. Setting this flag may improve performance, but also # disables account lockout. First introduced in release 1.9. # From 1c5f15564f6aefeb30985a5a0abc5d4ef34e772b Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:53:59 +0200 Subject: [PATCH 04/15] Update realm.pp --- manifests/realm.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/realm.pp b/manifests/realm.pp index eb979a5..b4ded66 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp 
@@ -18,7 +18,7 @@ # [*master_kdc*] # Identifies the master KDC(s). Currently, this tag is used in only one case: # If an attempt to get credentials fails because of an invalid password, the -# client software will attempt to contact the master KDC, in case the user’s +# client software will attempt to contact the master KDC, in case the user’s # password has just been changed, and the updated database has not been # propagated to the slave servers yet. # From 418f364413608cd2786e6e19c6c7157777ab22e2 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Thu, 14 Dec 2023 13:42:55 +0000 Subject: [PATCH 05/15] puppet8 support --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 8bde25f..46e6510 100644 --- a/metadata.json +++ b/metadata.json @@ -56,7 +56,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.7.0 < 8.0.0" + "version_requirement": ">= 4.7.0 < 9.0.0" } ], "source": "https://github.com/ccin2p3/puppet-mit_krb5.git", From 1390e9a37161d55fde8bb4f58f3c837faf822f26 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Thu, 14 Dec 2023 14:02:27 +0000 Subject: [PATCH 06/15] puppet8 support --- manifests/appdefaults.pp | 35 +++++--- manifests/capaths.pp | 2 +- manifests/config/etc_services.pp | 5 +- manifests/dbmodules.pp | 48 +++++------ manifests/domain_realm.pp | 16 ++-- manifests/init.pp | 132 +++++++++++++++++-------------- manifests/install.pp | 6 +- manifests/logging.pp | 13 ++- manifests/plugins.pp | 54 +++---------- manifests/realm.pp | 45 ++++++----- 10 files changed, 172 insertions(+), 184 deletions(-) diff --git a/manifests/appdefaults.pp b/manifests/appdefaults.pp index b3ec52c..80a377d 100644 --- a/manifests/appdefaults.pp +++ b/manifests/appdefaults.pp 
@@ -12,20 +12,31 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # - -define mit_krb5::appdefaults( - $debug = '', - $ticket_lifetime = '', - $renew_lifetime = '', - $forwardable = '', - $krb4_convert = '', - $ignore_afs = '', +# @param debug +# +# @param ticket_lifetime +# +# @param renew_lifetime +# +# @param forwardable +# +# @param krb4_convert +# +# @param ignore_afs +# +define mit_krb5::appdefaults ( + Optional[String] $debug = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[String] $forwardable = undef, + Optional[String] $krb4_convert = undef, + Optional[String] $ignore_afs = undef, ) { include mit_krb5 ensure_resource('concat::fragment', 'mit_krb5::appdefaults_header', { - target => $mit_krb5::krb5_conf_path, - order => '50appdefauls_header', - content => "\n[appdefaults]", + target => $mit_krb5::krb5_conf_path, + order => '50appdefauls_header', + content => "\n[appdefaults]", }) concat::fragment { "mit_krb5::appdefaults::${title}": target => $mit_krb5::krb5_conf_path, @@ -33,5 +44,3 @@ content => template('mit_krb5/appdefaults.erb'), } } - - diff --git a/manifests/capaths.pp b/manifests/capaths.pp index b55e241..ba9a156 100644 --- a/manifests/capaths.pp +++ b/manifests/capaths.pp @@ -11,6 +11,6 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::capaths() { +define mit_krb5::capaths () { fail('PLACEHOLDER: Not yet implemented') } diff --git a/manifests/config/etc_services.pp b/manifests/config/etc_services.pp index ee6d11c..2d6ef98 100644 --- a/manifests/config/etc_services.pp +++ b/manifests/config/etc_services.pp @@ -1,6 +1,5 @@ # class mit_krb5::config::etc_services { - $protocols = { 'tcp' => 88, 'udp' => 88, 
@@ -8,8 +7,8 @@ ::etc_services { 'kerberos': protocols => $protocols, - aliases => [ 'kerberos5', 'krb5', 'kerberos-sec' ], - comment => 'Kerberos v5' + aliases => ['kerberos5', 'krb5', 'kerberos-sec'], + comment => 'Kerberos v5', } } diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index a6b48b0..f6704e2 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp @@ -16,15 +16,15 @@ # value should be db2 for the DB2 module and kldap for the LDAP module. # # [*disable_last_success*] -# If set to true, suppresses KDC updates to the “Last successful -# authentication” field of principal entries requiring preauthentication. +# If set to true, suppresses KDC updates to the “Last successful +# authenticationâ€� field of principal entries requiring preauthentication. # Setting this flag may improve performance. (Principal entries which do not -# require preauthentication never update the “Last successful authentication” +# require preauthentication never update the “Last successful authenticationâ€� # field.). First introduced in release 1.9. # # [*disable_lockout*] -# If set to true, suppresses KDC updates to the “Last failed authentication” -# and “Failed password attempts” fields of principal entries requiring +# If set to true, suppresses KDC updates to the “Last failed authenticationâ€� +# and “Failed password attemptsâ€� fields of principal entries requiring # preauthentication. Setting this flag may improve performance, but also # disables account lockout. First introduced in release 1.9. # 
@@ -84,31 +84,31 @@ # Copyright 2016 Modestas Vainius. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::dbmodules( - String $realm = $title, - $database_name = '', - $db_library = '', - $disable_last_success = '', - $disable_lockout = '', - $ldap_cert_path = '', - $ldap_conns_per_server = '', - $ldap_kadmind_dn = '', - $ldap_kdc_dn = '', - $ldap_kerberos_container_dn = '', - $ldap_servers = '', - $ldap_service_password_file = '', +define mit_krb5::dbmodules ( + String $realm = $title, + Optional[String] $database_name = undef, + Optional[String] $db_library = undef, + Optional[Boolean] $disable_last_success = undef, + Optional[Boolean] $disable_lockout = undef, + Optional[String] $ldap_cert_path = undef, + Optional[String] $ldap_conns_per_server = undef, + Optional[String] $ldap_kadmind_dn = undef, + Optional[String] $ldap_kdc_dn = undef, + Optional[String] $ldap_kerberos_container_dn = undef, + Optional[String] $ldap_servers = undef, + Optional[String] $ldap_service_password_file = undef, ) { include mit_krb5 ensure_resource('concat::fragment', 'mit_krb5::dbmodules_header', { - target => $mit_krb5::krb5_conf_path, - order => '30dbmodules_header', - content => "\n[dbmodules]\n", + target => $mit_krb5::krb5_conf_path, + order => '30dbmodules_header', + content => "\n[dbmodules]\n", }) if (! empty($mit_krb5::db_module_dir)) { ensure_resource('concat::fragment', 'mit_krb5::dbmodules_db_module_dir', { - target => $mit_krb5::krb5_conf_path, - order => '31dbmodules_db_module_dir', - content => " db_module_dir = ${mit_krb5::db_module_dir}\n", + target => $mit_krb5::krb5_conf_path, + order => '31dbmodules_db_module_dir', + content => " db_module_dir = ${mit_krb5::db_module_dir}\n", }) } concat::fragment { "mit_krb5::dbmodules::${realm}": diff --git a/manifests/domain_realm.pp b/manifests/domain_realm.pp index a015186..cd6e865 100644 --- a/manifests/domain_realm.pp +++ b/manifests/domain_realm.pp 
@@ -31,17 +31,17 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::domain_realm( +define mit_krb5::domain_realm ( Array[String] $domains, String $realm = $title, ) { - include ::mit_krb5 + include mit_krb5 if count($domains) > 0 { ensure_resource('concat::fragment', 'mit_krb5::domain_realm_header', { - target => $mit_krb5::krb5_conf_path, - order => '20domain_realm_header', - content => "[domain_realm]\n", + target => $mit_krb5::krb5_conf_path, + order => '20domain_realm_header', + content => "[domain_realm]\n", }) concat::fragment { "mit_krb5::domain_realm::${title}": target => $mit_krb5::krb5_conf_path, @@ -49,9 +49,9 @@ content => template('mit_krb5/domain_realm.erb'), } ensure_resource('concat::fragment', 'mit_krb5::domain_realm_trailer', { - target => $mit_krb5::krb5_conf_path, - order => '22domain_realm_trailer', - content => "\n", + target => $mit_krb5::krb5_conf_path, + order => '22domain_realm_trailer', + content => "\n", }) } } diff --git a/manifests/init.pp b/manifests/init.pp index 6e7f422..376553b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -226,6 +226,20 @@ # [*krb5_conf_mode*] # File mode for krb5.conf. (Default: 0444) # +# [*alter_etc_services*] +# +# [*domain_realms*] +# +# [*capaths*] +# +# [*appdefaults*] +# +# [*realms*] +# +# [*dbmodules*] +# +# [*krb5_conf_warn*] +# # === Examples # # class { 'mit_krb5': 
@@ -241,57 +255,57 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -class mit_krb5( - String $default_realm = '', - String $default_keytab_name = '', - $default_tgs_enctypes = [], - $default_tkt_enctypes = [], - String $default_ccache_name = '', - $permitted_enctypes = [], - $allow_weak_crypto = '', - String $clockskew = '', - $ignore_acceptor_hostname = '', - $k5login_authoritative = '', - String $k5login_directory = '', - String $kdc_timesync = '', - String $kdc_req_checksum_type = '', - String $ap_req_checksum_type = '', - String $safe_checksum_type = '', - String $preferred_preauth_types = '', - String $ccache_type = '', - $canonicalize = '', - $dns_canonicalize_hostname = '', - $dns_lookup_kdc = '', - $dns_lookup_realm = '', - $dns_fallback = '', - String $realm_try_domains = '', - $extra_addresses = [], - String $udp_preference_limit = '', - $verify_ap_req_nofail = '', - String $ticket_lifetime = '', - String $renew_lifetime = '', - $noaddresses = '', - $forwardable = '', - $proxiable = '', - $rdns = '', - $pkinit_anchors = '', - $spake_preauth_groups = '', - String $plugin_base_dir = '', - $include = '', - $includedir = '', - $module = '', - String $db_module_dir = '', - String $krb5_conf_path = '/etc/krb5.conf', - String $krb5_conf_owner = 'root', - String $krb5_conf_group = 'root', - String $krb5_conf_mode = '0444', - Boolean $alter_etc_services = false, - Boolean $krb5_conf_warn = true, - Hash $domain_realms = {}, - Hash $capaths = {}, - Hash $appdefaults = {}, - Hash $realms = {}, - Hash $dbmodules = {} +class mit_krb5 ( + Optional[String] $default_realm = undef, + Optional[String] $default_keytab_name = undef, + Array $default_tgs_enctypes = [], + Array $default_tkt_enctypes = [], + Optional[String] $default_ccache_name = undef, + Array $permitted_enctypes = [], + Optional[Boolean] $allow_weak_crypto = undef, + Optional[String] $clockskew = undef, + Optional[String] $ignore_acceptor_hostname = undef, + 
Optional[String] $k5login_authoritative = undef, + Optional[String] $k5login_directory = undef, + Optional[String] $kdc_timesync = undef, + Optional[String] $kdc_req_checksum_type = undef, + Optional[String] $ap_req_checksum_type = undef, + Optional[String] $safe_checksum_type = undef, + Optional[String] $preferred_preauth_types = undef, + Optional[String] $ccache_type = undef, + Optional[String] $canonicalize = undef, + Optional[Boolean] $dns_canonicalize_hostname = undef, + Optional[Boolean] $dns_lookup_kdc = undef, + Optional[Boolean] $dns_lookup_realm = undef, + Optional[Boolean] $dns_fallback = undef, + Optional[String] $realm_try_domains = undef, + Array $extra_addresses = [], + Optional[String] $udp_preference_limit = undef, + Optional[Boolean] $verify_ap_req_nofail = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[Boolean] $noaddresses = undef, + Optional[Boolean] $forwardable = undef, + Optional[Boolean] $proxiable = undef, + Optional[Boolean] $rdns = undef, + Optional[String] $pkinit_anchors = undef, + Optional[String] $spake_preauth_groups = undef, + Optional[String] $plugin_base_dir = undef, + Optional[String] $include = undef, + Optional[String] $includedir = undef, + Optional[String] $module = undef, + Optional[String] $db_module_dir = undef, + String $krb5_conf_path = '/etc/krb5.conf', + String $krb5_conf_owner = 'root', + String $krb5_conf_group = 'root', + String $krb5_conf_mode = '0444', + Boolean $alter_etc_services = false, + Boolean $krb5_conf_warn = true, + Hash $domain_realms = {}, + Hash $capaths = {}, + Hash $appdefaults = {}, + Hash $realms = {}, + Hash $dbmodules = {}, ) { # SECTION: Parameter validation { # Boolean-type parameters are not type-validated at this time. 
@@ -305,13 +319,11 @@ # END Parameter validation } # SECTION: Resource creation { - anchor { 'mit_krb5::begin': } - - class { '::mit_krb5::install': } + contain 'mit_krb5::install' if ($alter_etc_services == true) { - class { '::mit_krb5::config::etc_services': - require => Class['::mit_krb5::install'] + class { 'mit_krb5::config::etc_services': + require => Class['mit_krb5::install'], } } @@ -319,7 +331,7 @@ owner => $krb5_conf_owner, group => $krb5_conf_group, mode => $krb5_conf_mode, - warn => $krb5_conf_warn + warn => $krb5_conf_warn, } concat::fragment { 'mit_krb5::header': target => $krb5_conf_path, @@ -339,13 +351,11 @@ create_resources('mit_krb5::realm', $realms) create_resources('mit_krb5::dbmodules', $dbmodules) - anchor { 'mit_krb5::end': } # END Resource creation } # SECTION: Resource ordering { - Anchor['mit_krb5::begin'] - -> Class['mit_krb5::install'] + contain 'mit_krb5::install' + Class['mit_krb5::install'] -> Concat[$krb5_conf_path] - -> Anchor['mit_krb5::end'] # END Resource ordering } } diff --git a/manifests/install.pp b/manifests/install.pp index 9551eea..fe69d51 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -11,7 +11,11 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -class mit_krb5::install($packages = undef) { +# @param packages +# +class mit_krb5::install ( + Optional[String] $packages = undef, +) { if $packages { if is_array($packages) { $install = flatten($packages) diff --git a/manifests/logging.pp b/manifests/logging.pp index 5eb6f22..80cd780 100644 --- a/manifests/logging.pp +++ b/manifests/logging.pp 
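Review bot: `contain 'mit_krb5::install'` is added here under Resource creation and again under Resource ordering in hunk `@@ -339,13 +351,11 @@`; the second statement adds nothing and can be removed, leaving `Class['mit_krb5::install'] -> Concat[$krb5_conf_path]`. `mit_krb5::config::etc_services` is still declared resource-style and is not contained, so a relationship placed on `Class['mit_krb5']` does not cover it. If that is intended, a short comment saying so would help; otherwise `contain` it as well.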
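Review bot: With `$packages` declared `Optional[String]`, the `is_array($packages)` branch in the context below can never be taken, and a list of package names, which the `flatten($packages)` line is written for, now fails the type check. PATCH 09 later widens the type to `Variant[String, Array[String]]`, but the test still relies on the deprecated stdlib helper `is_array`; for a Puppet 8 port the native form `if $packages =~ Array {` is safer. The added `# @param packages` tag has no description; something like `# @param packages Package name, or list of package names, to install` would make it useful, with the wording confirmed against the body, which continues outside the hunk.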
@@ -40,14 +40,13 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -class mit_krb5::logging( - $default = '', - $admin_server = '', - $kdc = '', - $defaults = '', +class mit_krb5::logging ( + Optional[String] $default = undef, + Optional[String] $admin_server = undef, + Optional[String] $kdc = undef, + Optional[String] $defaults = undef, ) { - - include ::mit_krb5 + include mit_krb5 concat::fragment { 'mit_krb5::logging': target => $mit_krb5::krb5_conf_path, diff --git a/manifests/plugins.pp b/manifests/plugins.pp index 99b1d29..18c9bd0 100644 --- a/manifests/plugins.pp +++ b/manifests/plugins.pp @@ -2,37 +2,6 @@ # # Configure plugins section of krb5.conf # -# === Possible subsections (resource titles) -# -# [*ccselect*] -# The ccselect subsection controls modules for credential cache selection -# within a cache collection. -# -# [*pwqual*] -# The pwqual subsection controls modules for the password quality interface. -# -# [*kadm5_hook*] -# The kadm5_hook interface provides plugins with information on -# principal creation, modification, password changes and deletion. -# -# [*clpreauth*] -# The clpreauth interface allows plugin modules to provide -# client preauthentication mechanisms. -# -# [*kdcpreauth*] -# The kdcpreauth interface allows plugin modules to provide -# KDC preauthentication mechanisms. -# -# [*hostrealm*] -# The hostrealm section controls modules for the host-to-realm interface, -# which affects the local mapping of hostnames to realm names and -# the choice of default realm. -# -# [*localauth*] -# The localauth section controls modules for the local authorization -# interface, which affects the relationship between Kerberos principals -# and local system accounts. -# # === Parameters # # [*disable*] 
@@ -70,13 +39,12 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::plugins( - $disable = undef, - $enable_only = undef, - $module = undef, +define mit_krb5::plugins ( + Optional[String] $disable = undef, + Optional[String] $enable_only = undef, + Optional[String] $module = undef, ) { - - include ::mit_krb5 + include mit_krb5 $interfaces = [ 'ccselect', @@ -92,9 +60,9 @@ } ensure_resource('concat::fragment', 'mit_krb5::plugins_header', { - target => $mit_krb5::krb5_conf_path, - order => '40plugins_header', - content => "[plugins]\n", + target => $mit_krb5::krb5_conf_path, + order => '40plugins_header', + content => "[plugins]\n", }) concat::fragment { "mit_krb5::plugins::${title}": target => $mit_krb5::krb5_conf_path, @@ -102,8 +70,8 @@ content => template('mit_krb5/plugins.erb'), } ensure_resource('concat::fragment', 'mit_krb5::plugins_trailer', { - target => $mit_krb5::krb5_conf_path, - order => '42plugins_trailer', - content => "\n", + target => $mit_krb5::krb5_conf_path, + order => '42plugins_trailer', + content => "\n", }) } diff --git a/manifests/realm.pp b/manifests/realm.pp index b37353b..eb979a5 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp @@ -18,7 +18,7 @@ # [*master_kdc*] # Identifies the master KDC(s). Currently, this tag is used in only one case: # If an attempt to get credentials fails because of an invalid password, the -# client software will attempt to contact the master KDC, in case the user’s +# client software will attempt to contact the master KDC, in case the user’s # password has just been changed, and the updated database has not been # propagated to the slave servers yet. # @@ -60,7 +60,7 @@ # TEST4 = host2 # } # } -# +# # [*auth_to_local_names*] # This subsection allows you to set explicit mappings from principal names to # local user names. The tag is the mapping name, and the value is the 
@@ -115,30 +115,29 @@ # Copyright 2013 Patrick Mooney. # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # -define mit_krb5::realm( - $kdc = '', - $master_kdc = '', - $admin_server = '', - $database_module = '', - $default_domain = '', - $v4_instance_convert = '', - $v4_realm = '', - $auth_to_local_names = '', - $auth_to_local = '', - $kpasswd_server = '', - $v4_realm_convert = '', - $pkinit_anchors = '', - $pkinit_pool = '', - Boolean $rotate_servers = false, - $http_anchors = '', +define mit_krb5::realm ( + Optional[Array] $kdc = undef, + Optional[String] $master_kdc = undef, + Optional[Array] $admin_server = undef, + Optional[String] $database_module = undef, + Optional[String] $default_domain = undef, + Optional[String] $v4_instance_convert = undef, + Optional[String] $v4_realm = undef, + Optional[String] $auth_to_local_names = undef, + Optional[String] $auth_to_local = undef, + Optional[String] $kpasswd_server = undef, + Array $v4_realm_convert = [], + Optional[String] $pkinit_anchors = undef, + Optional[String] $pkinit_pool = undef, + Boolean $rotate_servers = false, + Optional[String] $http_anchors = undef, ) { - - include ::mit_krb5 + include mit_krb5 ensure_resource('concat::fragment', 'mit_krb5::realm_header', { - target => $mit_krb5::krb5_conf_path, - order => '10realm_header', - content => "[realms]\n", + target => $mit_krb5::krb5_conf_path, + order => '10realm_header', + content => "[realms]\n", }) concat::fragment { "mit_krb5::realm::${title}": target => $mit_krb5::krb5_conf_path, From 38ace62b7a3a6ebd23b54069d967069678ad80e8 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:52:24 +0200 Subject: [PATCH 07/15] Update dbmodules.pp --- manifests/dbmodules.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index f6704e2..d2be010 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp 
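Review bot: `auth_to_local_names` is typed `Optional[String]`, but the parameter documentation in this file describes it as a subsection of tag/value mappings from principal names to local user names, which a single string cannot express; `v4_instance_convert` may be the same case. Since these values decide which local account a principal maps to, a type that matches the documented shape is worth having, e.g. `Optional[Hash[String, String]] $auth_to_local_names = undef,`. How the realm template iterates the value is not visible here, so confirm the shape against the template before settling the type. The define body continues outside the hunk.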
@@ -16,15 +16,15 @@ # value should be db2 for the DB2 module and kldap for the LDAP module. # # [*disable_last_success*] -# If set to true, suppresses KDC updates to the “Last successful -# authenticationâ€� field of principal entries requiring preauthentication. +# If set to true, suppresses KDC updates to the “Last successful +# authentication” field of principal entries requiring preauthentication. # Setting this flag may improve performance. (Principal entries which do not -# require preauthentication never update the “Last successful authenticationâ€� +# require preauthentication never update the “Last successful authentication” # field.). First introduced in release 1.9. # # [*disable_lockout*] -# If set to true, suppresses KDC updates to the “Last failed authenticationâ€� -# and “Failed password attemptsâ€� fields of principal entries requiring +# If set to true, suppresses KDC updates to the “Last failed authentication” +# and “Failed password attempts” fields of principal entries requiring # preauthentication. Setting this flag may improve performance, but also # disables account lockout. First introduced in release 1.9. # From a3256402e991b5a1610251f1f57b3d4b7011a66e Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:53:59 +0200 Subject: [PATCH 08/15] Update realm.pp --- manifests/realm.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/realm.pp b/manifests/realm.pp index eb979a5..b4ded66 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp 
@@ -18,7 +18,7 @@ # [*master_kdc*] # Identifies the master KDC(s). Currently, this tag is used in only one case: # If an attempt to get credentials fails because of an invalid password, the -# client software will attempt to contact the master KDC, in case the user’s +# client software will attempt to contact the master KDC, in case the user’s # password has just been changed, and the updated database has not been # propagated to the slave servers yet. # From e7cdf20879aaed14e9e48e12e261a256f8a2b6c7 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Wed, 25 Sep 2024 14:16:40 +0000 Subject: [PATCH 09/15] update --- manifests/init.pp | 100 +++++++++++++++++++++---------------------- manifests/install.pp | 2 +- manifests/logging.pp | 8 ++-- manifests/plugins.pp | 6 +-- manifests/realm.pp | 4 +- 5 files changed, 60 insertions(+), 60 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 376553b..607d49f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -256,56 +256,56 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # class mit_krb5 ( - Optional[String] $default_realm = undef, - Optional[String] $default_keytab_name = undef, - Array $default_tgs_enctypes = [], - Array $default_tkt_enctypes = [], - Optional[String] $default_ccache_name = undef, - Array $permitted_enctypes = [], - Optional[Boolean] $allow_weak_crypto = undef, - Optional[String] $clockskew = undef, - Optional[String] $ignore_acceptor_hostname = undef, - Optional[String] $k5login_authoritative = undef, - Optional[String] $k5login_directory = undef, - Optional[String] $kdc_timesync = undef, - Optional[String] $kdc_req_checksum_type = undef, - Optional[String] $ap_req_checksum_type = undef, - Optional[String] $safe_checksum_type = undef, - Optional[String] $preferred_preauth_types = undef, - Optional[String] $ccache_type = undef, - Optional[String] $canonicalize = undef, - Optional[Boolean] $dns_canonicalize_hostname = undef, - Optional[Boolean] $dns_lookup_kdc = undef, - Optional[Boolean] $dns_lookup_realm = undef, - Optional[Boolean] $dns_fallback = undef, - Optional[String] $realm_try_domains = undef, - Array $extra_addresses = [], - Optional[String] $udp_preference_limit = undef, - Optional[Boolean] $verify_ap_req_nofail = undef, - Optional[String] $ticket_lifetime = undef, - Optional[String] $renew_lifetime = undef, - Optional[Boolean] $noaddresses = undef, - Optional[Boolean] $forwardable = undef, - Optional[Boolean] $proxiable = undef, - Optional[Boolean] $rdns = undef, - Optional[String] $pkinit_anchors = undef, - Optional[String] $spake_preauth_groups = undef, - Optional[String] $plugin_base_dir = undef, - Optional[String] $include = undef, - Optional[String] $includedir = undef, - Optional[String] $module = undef, - Optional[String] $db_module_dir = undef, - String $krb5_conf_path = '/etc/krb5.conf', - String $krb5_conf_owner = 'root', - String $krb5_conf_group = 'root', - String $krb5_conf_mode = '0444', - Boolean 
$alter_etc_services = false, - Boolean $krb5_conf_warn = true, - Hash $domain_realms = {}, - Hash $capaths = {}, - Hash $appdefaults = {}, - Hash $realms = {}, - Hash $dbmodules = {}, + Optional[String] $default_realm = undef, + Optional[String] $default_keytab_name = undef, + Array $default_tgs_enctypes = [], + Array $default_tkt_enctypes = [], + Optional[String] $default_ccache_name = undef, + Array $permitted_enctypes = [], + Optional[Boolean] $allow_weak_crypto = undef, + Optional[String] $clockskew = undef, + Optional[String] $ignore_acceptor_hostname = undef, + Optional[String] $k5login_authoritative = undef, + Optional[String] $k5login_directory = undef, + Optional[String] $kdc_timesync = undef, + Optional[String] $kdc_req_checksum_type = undef, + Optional[String] $ap_req_checksum_type = undef, + Optional[String] $safe_checksum_type = undef, + Optional[String] $preferred_preauth_types = undef, + Optional[String] $ccache_type = undef, + Optional[String] $canonicalize = undef, + Optional[Boolean] $dns_canonicalize_hostname = undef, + Optional[Boolean] $dns_lookup_kdc = undef, + Optional[Boolean] $dns_lookup_realm = undef, + Optional[Boolean] $dns_fallback = undef, + Optional[String] $realm_try_domains = undef, + Array $extra_addresses = [], + Optional[String] $udp_preference_limit = undef, + Optional[Boolean] $verify_ap_req_nofail = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[Mit_krb5::Bool_or_str] $noaddresses = undef, + Optional[Mit_krb5::Bool_or_str] $forwardable = undef, + Optional[Mit_krb5::Bool_or_str] $proxiable = undef, + Optional[Mit_krb5::Bool_or_str] $rdns = undef, + Optional[Array[String]] $pkinit_anchors = undef, + Optional[Array[String]] $spake_preauth_groups = undef, + Optional[Array[String]] $plugin_base_dir = undef, + Optional[Array[String]] $include = undef, + Optional[Array[String]] $includedir = undef, + Optional[Array[String]] $module = undef, + Optional[String] $db_module_dir 
= undef, + String $krb5_conf_path = '/etc/krb5.conf', + String $krb5_conf_owner = 'root', + String $krb5_conf_group = 'root', + String $krb5_conf_mode = '0444', + Boolean $alter_etc_services = false, + Boolean $krb5_conf_warn = true, + Hash $domain_realms = {}, + Hash $capaths = {}, + Hash $appdefaults = {}, + Hash $realms = {}, + Hash $dbmodules = {}, ) { # SECTION: Parameter validation { # Boolean-type parameters are not type-validated at this time. diff --git a/manifests/install.pp b/manifests/install.pp index fe69d51..9abe751 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -14,7 +14,7 @@ # @param packages # class mit_krb5::install ( - Optional[String] $packages = undef, + Optional[Variant[String, Array[String]]] $packages = undef, ) { if $packages { if is_array($packages) { diff --git a/manifests/logging.pp b/manifests/logging.pp index 80cd780..e1ae378 100644 --- a/manifests/logging.pp +++ b/manifests/logging.pp @@ -41,10 +41,10 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # class mit_krb5::logging ( - Optional[String] $default = undef, - Optional[String] $admin_server = undef, - Optional[String] $kdc = undef, - Optional[String] $defaults = undef, + Optional[Array[String]] $default = undef, + Optional[Array[String]] $admin_server = undef, + Optional[Array[String]] $kdc = undef, + Optional[String] $defaults = undef, ) { include mit_krb5 diff --git a/manifests/plugins.pp b/manifests/plugins.pp index 18c9bd0..f4fe573 100644 --- a/manifests/plugins.pp +++ b/manifests/plugins.pp @@ -40,9 +40,9 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # define mit_krb5::plugins ( - Optional[String] $disable = undef, - Optional[String] $enable_only = undef, - Optional[String] $module = undef, + Optional[Array[String]] $disable = undef, + Optional[Array[String]] $enable_only = undef, + Optional[Array[String]] $module = undef, ) { include mit_krb5 diff --git a/manifests/realm.pp b/manifests/realm.pp index b4ded66..530ccbe 100644 
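Review bot: `Mit_krb5::Bool_or_str` is used for `noaddresses`, `forwardable`, `proxiable` and `rdns` in this commit, but `types/bool_or_str.pp` is only created in PATCH 10, so a checkout of this commit alone cannot resolve the type; the alias should be added in the commit that first uses it. The other boolean switches in the list (`allow_weak_crypto`, `dns_lookup_kdc`, `dns_lookup_realm`, `dns_fallback`, `verify_ap_req_nofail`) stay `Optional[Boolean]`, so `'true'` is accepted for some flags and rejected for others. `plugin_base_dir` also becomes `Optional[Array[String]]` although it names a single directory; `Optional[String] $plugin_base_dir = undef,` looks like the intended type. The same hunk is repeated in PATCH 14.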
--- a/manifests/realm.pp +++ b/manifests/realm.pp @@ -116,9 +116,9 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # define mit_krb5::realm ( - Optional[Array] $kdc = undef, + Optional[String] $kdc = undef, Optional[String] $master_kdc = undef, - Optional[Array] $admin_server = undef, + Optional[String] $admin_server = undef, Optional[String] $database_module = undef, Optional[String] $default_domain = undef, Optional[String] $v4_instance_convert = undef, From 89814aaa8be505a5fa4a212719c3b4b913ea45d0 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Thu, 26 Sep 2024 10:05:36 +0000 Subject: [PATCH 10/15] update --- manifests/appdefaults.pp | 8 ++++---- manifests/dbmodules.pp | 20 ++++++++++---------- manifests/realm.pp | 6 +++--- types/bool_or_str.pp | 1 + 4 files changed, 18 insertions(+), 17 deletions(-) create mode 100644 types/bool_or_str.pp diff --git a/manifests/appdefaults.pp b/manifests/appdefaults.pp index 80a377d..9d2b3e7 100644 --- a/manifests/appdefaults.pp +++ b/manifests/appdefaults.pp @@ -25,10 +25,10 @@ # @param ignore_afs # define mit_krb5::appdefaults ( - Optional[String] $debug = undef, - Optional[String] $ticket_lifetime = undef, - Optional[String] $renew_lifetime = undef, - Optional[String] $forwardable = undef, + Optional[String] $debug = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[Mit_krb5::Bool_or_str] $forwardable = undef, Optional[String] $krb4_convert = undef, Optional[String] $ignore_afs = undef, ) { diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index d2be010..8097a71 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp 
@@ -86,16 +86,16 @@ # define mit_krb5::dbmodules ( String $realm = $title, - Optional[String] $database_name = undef, - Optional[String] $db_library = undef, - Optional[Boolean] $disable_last_success = undef, - Optional[Boolean] $disable_lockout = undef, - Optional[String] $ldap_cert_path = undef, - Optional[String] $ldap_conns_per_server = undef, - Optional[String] $ldap_kadmind_dn = undef, - Optional[String] $ldap_kdc_dn = undef, - Optional[String] $ldap_kerberos_container_dn = undef, - Optional[String] $ldap_servers = undef, + Optional[Mit_krb5::Bool_or_str] $database_name = undef, + Optional[Mit_krb5::Bool_or_str] $db_library = undef, + Optional[Mit_krb5::Bool_or_str] $disable_last_success = undef, + Optional[Mit_krb5::Bool_or_str] $disable_lockout = undef, + Optional[Array[String]] $ldap_cert_path = undef, + Optional[Array[String]] $ldap_conns_per_server = undef, + Optional[Array[String]] $ldap_kadmind_dn = undef, + Optional[Array[String]] $ldap_kdc_dn = undef, + Optional[Array[String]] $ldap_kerberos_container_dn = undef, + Optional[Array[String]] $ldap_servers = undef, Optional[String] $ldap_service_password_file = undef, ) { include mit_krb5 diff --git a/manifests/realm.pp b/manifests/realm.pp index 530ccbe..8ac01d6 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp 
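Review bot: `database_name` and `db_library` are changed to `Optional[Mit_krb5::Bool_or_str]`, which admits only `true`, `false`, `'true'` and `'false'`; the parameter documentation in this file says `db_library` should be `db2` or `kldap`, so every valid value is now rejected at compile time. Both should stay strings: `Optional[String] $database_name = undef,` and `Optional[String] $db_library = undef,`. `ldap_conns_per_server` and the three `*_dn` parameters becoming `Optional[Array[String]]` also looks unintended for single-valued settings, though the template that renders them is not visible here. The same hunk is repeated in PATCH 15, and the define body continues outside the hunk.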
@@ -116,15 +116,15 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # define mit_krb5::realm ( - Optional[String] $kdc = undef, - Optional[String] $master_kdc = undef, + Optional[Array[String]] $kdc = undef, + Optional[Array[String]] $master_kdc = undef, Optional[String] $admin_server = undef, Optional[String] $database_module = undef, Optional[String] $default_domain = undef, Optional[String] $v4_instance_convert = undef, Optional[String] $v4_realm = undef, Optional[String] $auth_to_local_names = undef, - Optional[String] $auth_to_local = undef, + Optional[Array[String]] $auth_to_local = undef, Optional[String] $kpasswd_server = undef, Array $v4_realm_convert = [], Optional[String] $pkinit_anchors = undef, diff --git a/types/bool_or_str.pp b/types/bool_or_str.pp new file mode 100644 index 0000000..66b14d5 --- /dev/null +++ b/types/bool_or_str.pp @@ -0,0 +1 @@ +type Mit_krb5::Bool_or_str = Variant[Boolean, Enum['true', 'false']] From 65ad184adcb6b89a245ed85d88b6f84d5d142e43 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Thu, 14 Dec 2023 14:02:27 +0000 Subject: [PATCH 11/15] puppet8 support --- manifests/dbmodules.pp | 10 +++++----- manifests/realm.pp | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index d2be010..f6704e2 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp 
@@ -16,15 +16,15 @@ # value should be db2 for the DB2 module and kldap for the LDAP module. # # [*disable_last_success*] -# If set to true, suppresses KDC updates to the “Last successful -# authentication” field of principal entries requiring preauthentication. +# If set to true, suppresses KDC updates to the “Last successful +# authenticationâ€� field of principal entries requiring preauthentication. # Setting this flag may improve performance. (Principal entries which do not -# require preauthentication never update the “Last successful authentication” +# require preauthentication never update the “Last successful authenticationâ€� # field.). First introduced in release 1.9. # # [*disable_lockout*] -# If set to true, suppresses KDC updates to the “Last failed authentication” -# and “Failed password attempts” fields of principal entries requiring +# If set to true, suppresses KDC updates to the “Last failed authenticationâ€� +# and “Failed password attemptsâ€� fields of principal entries requiring # preauthentication. Setting this flag may improve performance, but also # disables account lockout. First introduced in release 1.9. # diff --git a/manifests/realm.pp b/manifests/realm.pp index b4ded66..eb979a5 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp @@ -18,7 +18,7 @@ # [*master_kdc*] # Identifies the master KDC(s). Currently, this tag is used in only one case: # If an attempt to get credentials fails because of an invalid password, the -# client software will attempt to contact the master KDC, in case the user’s +# client software will attempt to contact the master KDC, in case the user’s # password has just been changed, and the updated database has not been # propagated to the slave servers yet. # From c71c2a19c22744a2b2930c2853ab20dcc94a0b77 Mon Sep 17 00:00:00 2001 
From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:52:24 +0200 Subject: [PATCH 12/15] Update dbmodules.pp --- manifests/dbmodules.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index f6704e2..d2be010 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp @@ -16,15 +16,15 @@ # value should be db2 for the DB2 module and kldap for the LDAP module. # # [*disable_last_success*] -# If set to true, suppresses KDC updates to the “Last successful -# authenticationâ€� field of principal entries requiring preauthentication. +# If set to true, suppresses KDC updates to the “Last successful +# authentication” field of principal entries requiring preauthentication. # Setting this flag may improve performance. (Principal entries which do not -# require preauthentication never update the “Last successful authenticationâ€� +# require preauthentication never update the “Last successful authentication” # field.). First introduced in release 1.9. # # [*disable_lockout*] -# If set to true, suppresses KDC updates to the “Last failed authenticationâ€� -# and “Failed password attemptsâ€� fields of principal entries requiring +# If set to true, suppresses KDC updates to the “Last failed authentication” +# and “Failed password attempts” fields of principal entries requiring # preauthentication. Setting this flag may improve performance, but also # disables account lockout. First introduced in release 1.9. # From 44d23f730b0d2d7e5a458b186058b0ce3d47047d Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:53:59 +0200 Subject: [PATCH 13/15] Update realm.pp --- manifests/realm.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/realm.pp b/manifests/realm.pp index eb979a5..b4ded66 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp 
@@ -18,7 +18,7 @@ # [*master_kdc*] # Identifies the master KDC(s). Currently, this tag is used in only one case: # If an attempt to get credentials fails because of an invalid password, the -# client software will attempt to contact the master KDC, in case the user’s +# client software will attempt to contact the master KDC, in case the user’s # password has just been changed, and the updated database has not been # propagated to the slave servers yet. # From 0c33feedda08ebb52743336af33d22581d4818e9 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Wed, 25 Sep 2024 14:16:40 +0000 Subject: [PATCH 14/15] update --- manifests/init.pp | 100 +++++++++++++++++++++---------------------- manifests/install.pp | 2 +- manifests/logging.pp | 8 ++-- manifests/plugins.pp | 6 +-- manifests/realm.pp | 4 +- 5 files changed, 60 insertions(+), 60 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 376553b..607d49f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -256,56 +256,56 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # class mit_krb5 ( - Optional[String] $default_realm = undef, - Optional[String] $default_keytab_name = undef, - Array $default_tgs_enctypes = [], - Array $default_tkt_enctypes = [], - Optional[String] $default_ccache_name = undef, - Array $permitted_enctypes = [], - Optional[Boolean] $allow_weak_crypto = undef, - Optional[String] $clockskew = undef, - Optional[String] $ignore_acceptor_hostname = undef, - Optional[String] $k5login_authoritative = undef, - Optional[String] $k5login_directory = undef, - Optional[String] $kdc_timesync = undef, - Optional[String] $kdc_req_checksum_type = undef, - Optional[String] $ap_req_checksum_type = undef, - Optional[String] $safe_checksum_type = undef, - Optional[String] $preferred_preauth_types = undef, - Optional[String] $ccache_type = undef, - Optional[String] $canonicalize = undef, - Optional[Boolean] $dns_canonicalize_hostname = undef, - Optional[Boolean] $dns_lookup_kdc = undef, - Optional[Boolean] $dns_lookup_realm = undef, - Optional[Boolean] $dns_fallback = undef, - Optional[String] $realm_try_domains = undef, - Array $extra_addresses = [], - Optional[String] $udp_preference_limit = undef, - Optional[Boolean] $verify_ap_req_nofail = undef, - Optional[String] $ticket_lifetime = undef, - Optional[String] $renew_lifetime = undef, - Optional[Boolean] $noaddresses = undef, - Optional[Boolean] $forwardable = undef, - Optional[Boolean] $proxiable = undef, - Optional[Boolean] $rdns = undef, - Optional[String] $pkinit_anchors = undef, - Optional[String] $spake_preauth_groups = undef, - Optional[String] $plugin_base_dir = undef, - Optional[String] $include = undef, - Optional[String] $includedir = undef, - Optional[String] $module = undef, - Optional[String] $db_module_dir = undef, - String $krb5_conf_path = '/etc/krb5.conf', - String $krb5_conf_owner = 'root', - String $krb5_conf_group = 'root', - String $krb5_conf_mode = '0444', - Boolean 
$alter_etc_services = false, - Boolean $krb5_conf_warn = true, - Hash $domain_realms = {}, - Hash $capaths = {}, - Hash $appdefaults = {}, - Hash $realms = {}, - Hash $dbmodules = {}, + Optional[String] $default_realm = undef, + Optional[String] $default_keytab_name = undef, + Array $default_tgs_enctypes = [], + Array $default_tkt_enctypes = [], + Optional[String] $default_ccache_name = undef, + Array $permitted_enctypes = [], + Optional[Boolean] $allow_weak_crypto = undef, + Optional[String] $clockskew = undef, + Optional[String] $ignore_acceptor_hostname = undef, + Optional[String] $k5login_authoritative = undef, + Optional[String] $k5login_directory = undef, + Optional[String] $kdc_timesync = undef, + Optional[String] $kdc_req_checksum_type = undef, + Optional[String] $ap_req_checksum_type = undef, + Optional[String] $safe_checksum_type = undef, + Optional[String] $preferred_preauth_types = undef, + Optional[String] $ccache_type = undef, + Optional[String] $canonicalize = undef, + Optional[Boolean] $dns_canonicalize_hostname = undef, + Optional[Boolean] $dns_lookup_kdc = undef, + Optional[Boolean] $dns_lookup_realm = undef, + Optional[Boolean] $dns_fallback = undef, + Optional[String] $realm_try_domains = undef, + Array $extra_addresses = [], + Optional[String] $udp_preference_limit = undef, + Optional[Boolean] $verify_ap_req_nofail = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[Mit_krb5::Bool_or_str] $noaddresses = undef, + Optional[Mit_krb5::Bool_or_str] $forwardable = undef, + Optional[Mit_krb5::Bool_or_str] $proxiable = undef, + Optional[Mit_krb5::Bool_or_str] $rdns = undef, + Optional[Array[String]] $pkinit_anchors = undef, + Optional[Array[String]] $spake_preauth_groups = undef, + Optional[Array[String]] $plugin_base_dir = undef, + Optional[Array[String]] $include = undef, + Optional[Array[String]] $includedir = undef, + Optional[Array[String]] $module = undef, + Optional[String] $db_module_dir 
= undef, + String $krb5_conf_path = '/etc/krb5.conf', + String $krb5_conf_owner = 'root', + String $krb5_conf_group = 'root', + String $krb5_conf_mode = '0444', + Boolean $alter_etc_services = false, + Boolean $krb5_conf_warn = true, + Hash $domain_realms = {}, + Hash $capaths = {}, + Hash $appdefaults = {}, + Hash $realms = {}, + Hash $dbmodules = {}, ) { # SECTION: Parameter validation { # Boolean-type parameters are not type-validated at this time. diff --git a/manifests/install.pp b/manifests/install.pp index fe69d51..9abe751 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -14,7 +14,7 @@ # @param packages # class mit_krb5::install ( - Optional[String] $packages = undef, + Optional[Variant[String, Array[String]]] $packages = undef, ) { if $packages { if is_array($packages) { diff --git a/manifests/logging.pp b/manifests/logging.pp index 80cd780..e1ae378 100644 --- a/manifests/logging.pp +++ b/manifests/logging.pp @@ -41,10 +41,10 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # class mit_krb5::logging ( - Optional[String] $default = undef, - Optional[String] $admin_server = undef, - Optional[String] $kdc = undef, - Optional[String] $defaults = undef, + Optional[Array[String]] $default = undef, + Optional[Array[String]] $admin_server = undef, + Optional[Array[String]] $kdc = undef, + Optional[String] $defaults = undef, ) { include mit_krb5 diff --git a/manifests/plugins.pp b/manifests/plugins.pp index 18c9bd0..f4fe573 100644 --- a/manifests/plugins.pp +++ b/manifests/plugins.pp @@ -40,9 +40,9 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # define mit_krb5::plugins ( - Optional[String] $disable = undef, - Optional[String] $enable_only = undef, - Optional[String] $module = undef, + Optional[Array[String]] $disable = undef, + Optional[Array[String]] $enable_only = undef, + Optional[Array[String]] $module = undef, ) { include mit_krb5 diff --git a/manifests/realm.pp b/manifests/realm.pp index b4ded66..530ccbe 100644 
--- a/manifests/realm.pp +++ b/manifests/realm.pp @@ -116,9 +116,9 @@ # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS # define mit_krb5::realm ( - Optional[Array] $kdc = undef, + Optional[String] $kdc = undef, Optional[String] $master_kdc = undef, - Optional[Array] $admin_server = undef, + Optional[String] $admin_server = undef, Optional[String] $database_module = undef, Optional[String] $default_domain = undef, Optional[String] $v4_instance_convert = undef, From 15df0ee7d575689f3ff6bcb475f302412d6b1327 Mon Sep 17 00:00:00 2001 From: flepoutre <84913246+flepoutre@users.noreply.github.com> Date: Thu, 26 Sep 2024 10:05:36 +0000 Subject: [PATCH 15/15] update --- manifests/appdefaults.pp | 8 ++++---- manifests/dbmodules.pp | 20 ++++++++++---------- manifests/realm.pp | 6 +++--- types/bool_or_str.pp | 1 + 4 files changed, 18 insertions(+), 17 deletions(-) create mode 100644 types/bool_or_str.pp diff --git a/manifests/appdefaults.pp b/manifests/appdefaults.pp index 80a377d..9d2b3e7 100644 --- a/manifests/appdefaults.pp +++ b/manifests/appdefaults.pp @@ -25,10 +25,10 @@ # @param ignore_afs # define mit_krb5::appdefaults ( - Optional[String] $debug = undef, - Optional[String] $ticket_lifetime = undef, - Optional[String] $renew_lifetime = undef, - Optional[String] $forwardable = undef, + Optional[String] $debug = undef, + Optional[String] $ticket_lifetime = undef, + Optional[String] $renew_lifetime = undef, + Optional[Mit_krb5::Bool_or_str] $forwardable = undef, Optional[String] $krb4_convert = undef, Optional[String] $ignore_afs = undef, ) { diff --git a/manifests/dbmodules.pp b/manifests/dbmodules.pp index d2be010..8097a71 100644 --- a/manifests/dbmodules.pp +++ b/manifests/dbmodules.pp 
@@ -86,16 +86,16 @@
 #
 define mit_krb5::dbmodules (
 String $realm = $title,
- Optional[String] $database_name = undef,
- Optional[String] $db_library = undef,
- Optional[Boolean] $disable_last_success = undef,
- Optional[Boolean] $disable_lockout = undef,
- Optional[String] $ldap_cert_path = undef,
- Optional[String] $ldap_conns_per_server = undef,
- Optional[String] $ldap_kadmind_dn = undef,
- Optional[String] $ldap_kdc_dn = undef,
- Optional[String] $ldap_kerberos_container_dn = undef,
- Optional[String] $ldap_servers = undef,
+ Optional[Mit_krb5::Bool_or_str] $database_name = undef,
+ Optional[Mit_krb5::Bool_or_str] $db_library = undef,
+ Optional[Mit_krb5::Bool_or_str] $disable_last_success = undef,
+ Optional[Mit_krb5::Bool_or_str] $disable_lockout = undef,
+ Optional[Array[String]] $ldap_cert_path = undef,
+ Optional[Array[String]] $ldap_conns_per_server = undef,
+ Optional[Array[String]] $ldap_kadmind_dn = undef,
+ Optional[Array[String]] $ldap_kdc_dn = undef,
+ Optional[Array[String]] $ldap_kerberos_container_dn = undef,
+ Optional[Array[String]] $ldap_servers = undef,
 Optional[String] $ldap_service_password_file = undef,
 ) {
 include mit_krb5
diff --git a/manifests/realm.pp b/manifests/realm.pp
index 530ccbe..8ac01d6 100644
--- a/manifests/realm.pp
+++ b/manifests/realm.pp
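Review bot: `$database_name` and `$db_library` in manifests/dbmodules.pp are now typed `Mit_krb5::Bool_or_str`, which the same patch defines as `Variant[Boolean, Enum['true', 'false']]`, so a database path or a library name such as `kldap` no longer passes the type check and the LDAP backend that the `ldap_*` parameters configure cannot be selected. These two should stay free-form: `Optional[String] $database_name = undef,` and `Optional[String] $db_library = undef,`. The switch of `$ldap_conns_per_server`, `$ldap_kdc_dn`, `$ldap_kadmind_dn` and `$ldap_kerberos_container_dn` to `Array[String]` also looks unintended, since each is presumably a single count or DN; only `$ldap_servers` is obviously a list. The define body is outside the hunk, so the template's handling of arrays cannot be confirmed here.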
@@ -116,15 +116,15 @@
 # Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS
 #
 define mit_krb5::realm (
- Optional[String] $kdc = undef,
- Optional[String] $master_kdc = undef,
+ Optional[Array[String]] $kdc = undef,
+ Optional[Array[String]] $master_kdc = undef,
 Optional[String] $admin_server = undef,
 Optional[String] $database_module = undef,
 Optional[String] $default_domain = undef,
 Optional[String] $v4_instance_convert = undef,
 Optional[String] $v4_realm = undef,
 Optional[String] $auth_to_local_names = undef,
- Optional[String] $auth_to_local = undef,
+ Optional[Array[String]] $auth_to_local = undef,
 Optional[String] $kpasswd_server = undef,
 Array $v4_realm_convert = [],
 Optional[String] $pkinit_anchors = undef,
diff --git a/types/bool_or_str.pp b/types/bool_or_str.pp
new file mode 100644
index 0000000..66b14d5
--- /dev/null
+++ b/types/bool_or_str.pp
@@ -0,0 +1 @@
+type Mit_krb5::Bool_or_str = Variant[Boolean, Enum['true', 'false']]
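Review bot: The new alias in types/bool_or_str.pp has no documentation comment, and its name suggests "a boolean or any string" while it only admits the literal strings 'true' and 'false'. A puppet-strings header above the `type` line would make that restriction visible where the type is used: `# @summary A Boolean, or the string 'true' or 'false', for krb5.conf on/off settings`. That matters for the parameters retyped in manifests/dbmodules.pp in this same patch, where free-form values are expected.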