Added noop_value as param so that access_conf file can be updated wit…

ghoneycutt / puppet-module-pam

Puppet module to manage PAM

Other

18 stars 79 forks source link

Added noop_value as param so that access_conf file can be updated wit… #268

Closed Aman1994 closed 10 months ago

Aman1994 commented 1 year ago

…h noop false too

Aman1994 commented 1 year ago

we have a service window - which is the only time we're allowed to make "certain changes".. so outside that we run puppet in noop mode - to KNOW if changes occurred - but not do customer. However, some things we ARE allowed to do (add users) - outside the service window - so we specifically override noop for those.. hence this change

ghoneycutt commented 10 months ago

You could achieve this in a profile using resource overrides. See https://www.puppet.com/docs/puppet/7/lang_resources.html#adding-or-modifying-attributes

profile::maintenance_window {

  include pam

  if $allowed_to_modify_stuff == false {
    File['access_conf'] {
      noop = true,
    }
  }
}