From c5b4d0d1f365c17ca73115d2618658742d04de90 Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Thu, 16 Feb 2017 13:19:19 -0800
Subject: [PATCH] add support for qa kerberos environment

---
 NEWS                             |  4 ++++
 manifests/kerberos.pp            | 21 ++++++++++++---------
 templates/kerberos/krb5.conf.erb |  8 ++++++++
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index a7007fe..826acbb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+release/005.006 (2017-02-16)
+
+    [kerberos] Add support for the new kerberos environment 'qa'. [adamhl]
+
 release/005.005 (2017-02-02)
 
     [kerberos] Add the option rdns_enabled so that Kerberos can be
diff --git a/manifests/kerberos.pp b/manifests/kerberos.pp
index 8f41cda..5aed890 100644
--- a/manifests/kerberos.pp
+++ b/manifests/kerberos.pp
@@ -17,20 +17,23 @@
 # **********************************************************************
 #
 #
-# $krb_env: Which kerberos environment to use. Must be one of:
-#   'prod', 'uat', or 'test'.
+# $krb_env:
+#   Which kerberos environment to use. Must be one of:
+#   'prod', 'uat', 'qa', or 'test'.
 #   Default: 'prod'
 #
-# $prefer_tcp: Normal kerberos traffic uses UDP, but some applications
+# $prefer_tcp:
+#   Normal kerberos traffic uses UDP, but some applications
 #   (lookin' at you Java!) work better with TCP. Set this parameter to
 #   "true" to force the client to prefer TCP to UDP.
 #   Default: false
 #
-# $rdns_enabled: if 'true' have the Kerberos client do a reverse DNS
-# lookup on the hostname when connecting to a server. This should be set
-# to 'false' if you want the client to be able to connect to services where
-# the service name's IP address PTR record may not match the hostname
-# (e.g., for services running in Amazon Web Services).
+# $rdns_enabled:
+#   If 'true' have the Kerberos client do a reverse DNS lookup on the
+#   hostname when connecting to a server. This should be set to 'false' if
+#   you want the client to be able to connect to services where the service
+#   name's IP address PTR record may not match the hostname (e.g., for
+#   services running in Amazon Web Services).
 #   Default: true
 class base::kerberos(
   $prefer_tcp   = false,
@@ -40,7 +43,7 @@ class base::kerberos(
 
   # We only allow the 'prod', 'uat', and 'test' environments.
   case $krb_env {
-    'prod', 'uat', 'test': {}
+    'prod', 'uat', 'test', 'qa': {}
     default: { fail("unrecognized kerberos environment '${krb_env}'") }
   }
 
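Review bot: The comment above `case $krb_env` still lists only 'prod', 'uat', and 'test', so it now contradicts the values accepted on the line this commit changes. Update it together with the case arm: `# We only allow the 'prod', 'uat', 'qa', and 'test' environments.` The `default: { fail(...) }` arm is the only validation of this parameter visible here, so an accurate comment helps whoever extends the list next. The class body continues outside the hunk.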
diff --git a/templates/kerberos/krb5.conf.erb b/templates/kerberos/krb5.conf.erb
index 808b995..3872291 100644
--- a/templates/kerberos/krb5.conf.erb
+++ b/templates/kerberos/krb5.conf.erb
@@ -76,6 +76,14 @@ elsif (@krb_env == 'test') then
         admin_server   = kerberos-test.stanford.edu
         kpasswd_server = kerberos-test.stanford.edu
 <%
+elsif (@krb_env == 'qa') then
+-%>
+        kdc            = kerberos-qa2.stanford.edu:88
+        kdc            = kerberos-qa1.stanford.edu:88
+        master_kdc     = master-kdc-qa.stanford.edu:88
+        admin_server   = master-kdc-qa.stanford.edu
+        kpasswd_server = master-kdc-qa.stanford.edu
+<%
 else
   if (@drSite) then
 -%>
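Review bot: The new `elsif (@krb_env == 'qa')` branch joins a chain whose final `else` is a catch-all, so the template never rejects an unknown environment and relies entirely on the `case` in manifests/kerberos.pp for that. If a value is later added to the manifest without a matching branch here, the host would silently get whatever the `else` branch renders (presumably the production KDCs, though that part is outside the hunk). A one-line Ruby comment before the new branch would make the coupling explicit: `# Environments handled here must match the case statement in manifests/kerberos.pp.` The if/elsif chain starts and ends outside this hunk.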
-- 
GitLab