From 296620c9f567c8f5b65998f476bae19c7ef36c76 Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Sun, 19 Mar 2017 05:58:36 -0700
Subject: [PATCH] Add source parameter to kerberos class to override
 /etc/krb5.conf

---
 NEWS                  |  3 +++
 manifests/kerberos.pp | 28 ++++++++++++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index f561930..958cd49 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,8 @@
 release/005.007 (unreleased)
 
+    [kerberos] Add options to completely override /etc/krb5.conf using one
+    the parameter $source. [adamhl]
+
     [newsyslog] Pull out filter-syslog from newsyslog so filtersyslog can
     be used separately from newsyslog. [adamhl]
 
diff --git a/manifests/kerberos.pp b/manifests/kerberos.pp
index 5aed890..6c63d2c 100644
--- a/manifests/kerberos.pp
+++ b/manifests/kerberos.pp
@@ -14,6 +14,9 @@
 #       content => undef,
 #     }
 #   }
+#
+# UPDATE: Rather than overriding this class, you may want to use the
+# $source parameter defined below.
 # **********************************************************************
 #
 #
@@ -35,10 +38,24 @@
 #   name's IP address PTR record may not match the hostname (e.g., for
 #   services running in Amazon Web Services).
 #   Default: true
+#
+# $source:
+#   If you want to use your own /etc/krb5.conf file completely overriding
+#   the one provided in this class, use this parameter.
+#   Example:
+#     class { 'base::kerberos':
+#       source => 'puppet:///modules/s_accounts/etc/krb5.conf',
+#     }
+#
+#   Note that we don't have an an analagous "content" parameter as calling
+#   a template from a different module is not a good idea.
+#   Default: undef
+
 class base::kerberos(
   $prefer_tcp   = false,
   $krb_env      = 'prod',
   $rdns_enabled = true,
+  $source       = undef,
 ){
 
   # We only allow the 'prod', 'uat', and 'test' environments.
@@ -71,9 +88,16 @@ class base::kerberos(
   }
 
   # Basic Kerberos configuration.
-  file { '/etc/krb5.conf':
-    content => template('base/kerberos/krb5.conf.erb')
+  if ($source) {
+    file { '/etc/krb5.conf':
+      source => $source,
+    }
+  } else {
+    file { '/etc/krb5.conf':
+      content => template('base/kerberos/krb5.conf.erb'),
+    }
   }
+
 }
 
 # base::kerberos::dr is no longer needed, because it's functionality has been
-- 
GitLab