summaryrefslogtreecommitdiff
path: root/sitemodules
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-07-22 19:01:33 +0200
committerJan Dittberner <jandd@cacert.org>2019-07-22 19:01:33 +0200
commit587ef04ec791bb6acc14e9e72dbd2c5600c76727 (patch)
treeaf2bceabc8483a1574260e0cd7e8678e4dddce4f /sitemodules
parentc9a19628f4659b8c51ca058abb7ce878f7bfdc2a (diff)
downloadcacert-puppet-587ef04ec791bb6acc14e9e72dbd2c5600c76727.tar.gz
cacert-puppet-587ef04ec791bb6acc14e9e72dbd2c5600c76727.tar.xz
cacert-puppet-587ef04ec791bb6acc14e9e72dbd2c5600c76727.zip
Add support for icingaweb2 admins
Diffstat (limited to 'sitemodules')
-rw-r--r--sitemodules/profiles/manifests/icinga2_master.pp20
1 files changed, 14 insertions, 6 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp
index f013df8..32b318a 100644
--- a/sitemodules/profiles/manifests/icinga2_master.pp
+++ b/sitemodules/profiles/manifests/icinga2_master.pp
@@ -9,10 +9,11 @@
#
# @param ido_database_password database password for Icinga2 IDO database
# @param web2_database_password database password for IcingaWeb2 database
-# @param api_users Icinga2 API users
-# @param pki_ticket_salt Ticket salt for API endpoint
-# @param ca_key Icinga2 CA private key content
-# @param ca_certificate Icinga2 CA certificate content
+# @param api_users Icinga2 API users
+# @param pki_ticket_salt Ticket salt for API endpoint
+# @param ca_key Icinga2 CA private key content
+# @param ca_certificate Icinga2 CA certificate content
+# @param $icingaweb_admins List of icingaweb admin users
#
# Examples
# --------
@@ -38,6 +39,7 @@ class profiles::icinga2_master (
String $pki_ticket_salt,
String $ca_key,
String $ca_certificate,
+ Array[String] $icingaweb_admins = ['icingaadmin'],
) {
include profiles::icinga2_common
include postgresql::server
@@ -128,7 +130,13 @@ class profiles::icinga2_master (
}
}
- class { '::icingaweb2::config::authmethod':
- backend => 'external',
+ icingaweb2::config::authmethod { 'external':
+ require => Class['::icingaweb2'],
+ }
+
+ icingaweb2::config::role { 'admin':
+ users => join($icingaweb_admins, ","),
+ permissions => '*',
+ require => Class['::icingaweb2'],
}
}