HDM supports disabling authentication. (#77)

This PR adds the required config option.
voxpupuli · Jan 24, 2024 · a10a29b · a10a29b
1 parent a3ffee9
commit a10a29b
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 5 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -55,6 +55,7 @@ The following parameters are available in the `hdm` class:
 * [`group`](#-hdm--group)
 * [`puppetdb_settings`](#-hdm--puppetdb_settings)
 * [`puppet_code_dir`](#-hdm--puppet_code_dir)
+* [`disable_authentication`](#-hdm--disable_authentication)
 * [`allow_encryption`](#-hdm--allow_encryption)
 * [`read_only`](#-hdm--read_only)
 * [`git_data`](#-hdm--git_data)
@@ -232,6 +233,15 @@ defaults to '/etc/puppetlabs/code'
 
 Default value: `'/etc/puppetlabs/code'`
 
+##### <a name="-hdm--disable_authentication"></a>`disable_authentication`
+
+Data type: `Boolean`
+
+Disable user and login
+This makes HDM available to anyone.
+
+Default value: `false`
+
 ##### <a name="-hdm--allow_encryption"></a>`allow_encryption`
 
 Data type: `Boolean`

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -76,6 +76,9 @@
 #   Puppet environments (similar to puppet config code_dir)
 #   defaults to '/etc/puppetlabs/code'
 #
+# @param disable_authentication Disable user and login
+#   This makes HDM available to anyone.
+#
 # @param allow_encryption Specify if HDM should use EYAML
 #   Needs HDM access to EYAML keys (public and private)
 #   Values for keys are taken from hiera.yaml file and can
@@ -142,11 +145,12 @@
   Stdlib::Unixpath              $puppet_code_dir       = '/etc/puppetlabs/code',
   String[1]                     $hdm_hiera_config_file = 'hiera.yaml',
   # additional application parameter
-  Boolean                        $allow_encryption      = false,
-  Boolean                        $read_only             = true,
-  Optional[Hdm::Gitdata]         $git_data              = undef,
-  Optional[Hdm::Ldap_settings]   $ldap_settings         = undef,
-  Optional[Sensitive[String[1]]] $ldap_bind_dn_password = undef,
+  Boolean                        $disable_authentication = false,
+  Boolean                        $allow_encryption       = false,
+  Boolean                        $read_only              = true,
+  Optional[Hdm::Gitdata]         $git_data               = undef,
+  Optional[Hdm::Ldap_settings]   $ldap_settings          = undef,
+  Optional[Sensitive[String[1]]] $ldap_bind_dn_password  = undef,
 ) {
   if $ldap_settings {
     if $ldap_bind_dn_password {

diff --git a/templates/hdm.yml.epp b/templates/hdm.yml.epp
@@ -8,6 +8,7 @@
   <%- } -%>
   hiera_config_file: "<%= $hdm::hdm_hiera_config_file %>"
   config_dir: <%= $hdm::puppet_code_dir %>
+  authentication_disabled: <%= $hdm::disable_authentication %>
 <%- if ! $hdm::final_ldap_settings.empty { -%>
   ldap:
   <%- $hdm::final_ldap_settings.each |$key, $value| { -%>