[MediaWiki-commits] [Gerrit] operations/puppet[production]: ldap::role::client::labs: Allow restricted_from and _to fro...

Andrew Bogott (Code Review) Tue, 06 Sep 2016 14:57:09 -0700

Andrew Bogott has submitted this change and it was merged.

Change subject: ldap::role::client::labs:  Allow restricted_from and _to from 
hiera
......................................................................



ldap::role::client::labs:  Allow restricted_from and _to from hiera

Bug: T101447
Change-Id: I1fe7f1dd89f08206f3f11d72d21c9f3e2f45ddf4
---
M modules/ldap/manifests/role/client.pp
1 file changed, 9 insertions(+), 5 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  Alex Monk: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/modules/ldap/manifests/role/client.pp 
b/modules/ldap/manifests/role/client.pp
index 9e7918e..237769d 100644
--- a/modules/ldap/manifests/role/client.pp
+++ b/modules/ldap/manifests/role/client.pp
@@ -1,4 +1,8 @@
-class ldap::role::client::labs($ldapincludes=['openldap', 'utils']) {
+class ldap::role::client::labs(
+    $ldapincludes=['openldap', 'utils'],
+    $restricted_to = $::restricted_to,
+    $restricted_from = $::restricted_from,
+) {
     include ldap::role::config::labs
 
     if ( $::realm == 'labs' ) {
@@ -23,16 +27,16 @@
         #       replaces the default group allowed to login
         #       (project members) with an explicitly specified one.
         #
-        if ( $::restricted_from ) {
+        if ( $restricted_from ) {
             security::access::config { 'labs-restrict-from':
-                content  => "-:${::restricted_from}:ALL\n",
+                content  => "-:${restricted_from}:ALL\n",
                 priority => '98',
             }
         }
 
-        if ( $::restricted_to ) {
+        if ( $restricted_to ) {
             security::access::config { 'labs-restrict-to-group':
-                content  => "-:ALL EXCEPT (${::restricted_to}) root:ALL\n",
+                content  => "-:ALL EXCEPT (${restricted_to}) root:ALL\n",
                 priority => '99',
             }
         } else {

-- 
To view, visit https://gerrit.wikimedia.org/r/308826
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1fe7f1dd89f08206f3f11d72d21c9f3e2f45ddf4
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <a...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: ldap::role::client::labs: Allow restricted_from and _to fro...

Reply via email to