# Class: su_ldap::backups
#
# Prepares a host for copying LDAP backups to AWS S3 and Google Cloud
# Storage: installs the AWS CLI, includes the Google Cloud SDK module, and
# declares base::wallet resources that place the credential files for both
# clouds on local disk.
#
# Parameters:
#   env - 'prod' selects the production S3 bucket and access keys and also
#         installs the production GCS service-account key. Every other
#         value, including the undef default, selects the non-prod S3
#         bucket and keys, so an unset $env never points at production.
#
# Security notes:
#   * Every file written below is a cloud credential kept on disk. All three
#     are root:root with mode 0640.
#     NOTE(review): 0600 would be enough if only root reads them - confirm
#     that nothing relies on group read before tightening.
#   * Nothing in this class limits it to LDAP masters; presumably the caller
#     includes it only there - verify, since every node that gets this class
#     also gets the credentials.
class su_ldap::backups (
  $env = undef,
) {

  ## Daily backup sync to AWS S3 (intended for the masters only).

  # Step 1: install awscli from the system package, so no Python tooling
  # is needed to get the client onto the host.
  package { 'awscli':
    ensure => 'present',
  }

  # Step 2: choose the bucket and the wallet object holding its access keys.
  # $s3bucket is not used again inside this class; presumably a template or
  # script reads it as $su_ldap::backups::s3bucket - keep the name stable.
  $s3bucket = $env ? {
    'prod'  => 's3://060553448345-authnz-prod-ldapdumps/',
    default => 's3://608913223100-authnz-x-ldapdumps/',
  }
  $s3creds = $env ? {
    'prod'  => 'config/its-idg/aws-s3-ldap-prod/access-keys',
    default => 'config/its-idg/aws-s3-ldap-non-prod/access-keys',
  }

  # Disabled line kept from the original; $suffix is not defined in this class.
  # $wallet_name = "service/its-idg/git-cn-config-sshkey/ldap-${suffix}"

  # S3 access keys for the bucket chosen above.
  base::wallet { $s3creds:
    ensure => 'present',
    path   => '/etc/ssl/private/s3bucket-keys',
    type   => 'file',
    owner  => 'root',
    group  => 'root',
    mode   => '0640',
  }

  ## Google Cloud Storage.

  # Module that installs the Google Cloud SDK.
  include package_google_cloud_sdk

  # Wallet objects holding the ldapuser service-account keys.
  $gcs_credentials_prod  = 'password/its-idg/gcs/prod-ldapuser_serviceaccount'
  $gcs_credentials_stage = 'password/its-idg/gcs/stage-ldapuser_serviceaccount'

  # The stage key is declared unconditionally, so production hosts receive
  # it as well as their own key.
  # NOTE(review): confirm production really needs the stage key. If it does
  # not, declaring it only when $env is not 'prod' keeps each environment's
  # credential off the other environment's hosts.
  base::wallet { $gcs_credentials_stage:
    ensure => 'present',
    path   => '/etc/ldapadmin/gcs_stage_ldapuser_serviceaccount.json',
    type   => 'file',
    owner  => 'root',
    group  => 'root',
    mode   => '0640',
  }

  # The production key is placed on production hosts only.
  if $env == 'prod' {
    base::wallet { $gcs_credentials_prod:
      ensure => 'present',
      path   => '/etc/ldapadmin/gcs_prod_ldapuser_serviceaccount.json',
      type   => 'file',
      owner  => 'root',
      group  => 'root',
      mode   => '0640',
    }
  }
}