Add class to manage security-role in web.xml

README.md

@@ -107,6 +107,9 @@ A hash of the notification email configuraton.
 #####`security_config`
 A hash of the rundeck security configuration.
 
+#####`security_role`
+The name of the role that is required for all users to be allowed access.
+
 #####`manage_yum_repo`
 Whether to manage the YUM repository containing the Rundeck rpm. Defaults to true.
 

manifests/config.pp

@@ -32,6 +32,7 @@
   $service_name          = $rundeck::service_name,
   $mail_config           = $rundeck::mail_config,
   $security_config       = $rundeck::security_config,
+  $security_role         = $rundeck::security_role,
   $acl_policies          = $rundeck::acl_policies,
   $api_policies          = $rundeck::api_policies
 ) inherits rundeck::params {
@@ -148,4 +149,9 @@
   }
 
   create_resources(rundeck::config::project, $projects)
+
+  class { 'rundeck::config::global::web':
+    security_role => $security_role,
+    notify        => Service[$service_name],
+  }
 }

manifests/config/global/web.pp

@@ -0,0 +1,25 @@
+# Author::    Wil Cooley <wcooley(at)nakedape.cc>
+# License::   MIT
+#
+# == Class: rundeck::config::global::web
+#
+# Manage the application's +web.xml+.
+#
+# Currently only manages the +<security-role>+ required for any user to login:
+# http://rundeck.org/docs/administration/authenticating-users.html#security-role
+#
+# === Parameters
+#
+# [*security_role*]
+#   Name of role that is required for all users to be allowed access.
+#
+class rundeck::config::global::web (
+  $security_role = $rundeck::params::security_role,
+) inherits rundeck::params {
+
+  augeas { 'rundeck/web.xml/security-role/role-name':
+    lens    => 'Xml.lns',
+    incl    => $rundeck::params::web_xml,
+    changes => [ "set web-app/security-role/role-name/#text '${security_role}'" ],
+  }
+}

manifests/init.pp

@@ -88,6 +88,9 @@
 # [*security_config*]
 #  A hash of the rundeck security configuration.
 #
+# [*security_role*]
+#  Name of the role that is required for all users to be allowed access.
+#
 # [*user*]
 #   The user that rundeck is installed as.
 #
@@ -140,6 +143,7 @@
   $service_config               = $rundeck::params::service_config,
   $mail_config                  = $rundeck::params::mail_config,
   $security_config              = $rundeck::params::security_config,
+  $security_role                = $rundeck::params::security_role,
   $manage_yum_repo              = $rundeck::params::manage_yum_repo,
   $user                         = $rundeck::params::user,
   $group                        = $rundeck::params::group,

manifests/params.pp

@@ -268,4 +268,7 @@
   $ssl_port = '4443'
 
   $package_source = 'https://dl.bintray.com/rundeck/rundeck-deb'
+
+  $web_xml = "${rdeck_base}/exp/webapp/WEB-INF/web.xml"
+  $security_role = 'user'
 }

spec/classes/config/global/web_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe 'rundeck' do
+  let(:facts) {{
+    :osfamily        => 'RedHat',
+    :fqdn            => 'test.example.com',
+    :serialnumber    => 0,
+    :rundeck_version => ''
+  }}
+
+  context 'with empty params' do
+    it 'should generate augeas resource with default security_role' do
+      should contain_augeas('rundeck/web.xml/security-role/role-name') \
+        .with_changes(["set web-app/security-role/role-name/#text 'user'"])
+    end
+  end
+
+  context 'with security_role param' do
+    let(:params) {{ :security_role => 'superduper' }}
+
+    it 'should generate augeas resource with specified security_role' do
+      should contain_augeas('rundeck/web.xml/security-role/role-name') \
+        .with_changes(["set web-app/security-role/role-name/#text 'superduper'"])
+    end
+  end
+end