From 6e2e16e538f267913280c708b2cc9afb2cbcf47e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20Bj=C3=B6rklund?= <bjorklund@sunet.se>
Date: Fri, 29 Nov 2024 15:16:34 +0100
Subject: [PATCH] Rolling back some custom things i naemon_monitor

---
 global/overlay/etc/puppet/cosmos-rules.yaml   |  5 ++++
 .../modules/soc/manifests/naemon_monitor.pp   | 25 -------------------
 .../naemon_monitor/docker-compose.yml.erb     |  6 -----
 .../opt}/naemon_monitor/attribute-map.xml     |  0
 .../opt}/naemon_monitor/attribute-policy.xml  |  0
 .../overlay/opt}/naemon_monitor/frontend.xml  |  0
 .../opt/naemon_monitor/shibboleth2.xml        |  2 +-
 7 files changed, 6 insertions(+), 32 deletions(-)
 rename {global/overlay/etc/puppet/modules/soc/files => monitor-dev.cert.sunet.se/overlay/opt}/naemon_monitor/attribute-map.xml (100%)
 rename {global/overlay/etc/puppet/modules/soc/files => monitor-dev.cert.sunet.se/overlay/opt}/naemon_monitor/attribute-policy.xml (100%)
 rename {global/overlay/etc/puppet/modules/soc/files => monitor-dev.cert.sunet.se/overlay/opt}/naemon_monitor/frontend.xml (100%)
 rename global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/shibboleth2.xml.erb => monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/shibboleth2.xml (98%)

diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 980b01c..aad9328 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -63,3 +63,8 @@ monitor-dev.cert.sunet.se:
       - bjorklund@sunet.se
     default_host_group: sunet::nagios::nrpe
     nrpe_group: sunet::nagios::nrpe
+    naemon_extra_volumes:
+      - '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
+      - '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
+      - '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
+      - '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'
diff --git a/global/overlay/etc/puppet/modules/soc/manifests/naemon_monitor.pp b/global/overlay/etc/puppet/modules/soc/manifests/naemon_monitor.pp
index 86f377b..6dd788e 100644
--- a/global/overlay/etc/puppet/modules/soc/manifests/naemon_monitor.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/naemon_monitor.pp
@@ -31,7 +31,6 @@ class soc::naemon_monitor (
   Optional[Boolean] $receive_otel = false,
   String $otel_retention = '2232h',
   String $acme_provider = 'acme-d',
-  Boolean $custom_shib = true,
 ) {
   include sunet::systemd_reload
 
@@ -99,30 +98,6 @@ class soc::naemon_monitor (
     sunet::snippets::secret_file { '/opt/naemon_monitor/shib-certs/sp-key.pem': hiera_key => 'shib_key', mode => '0444' }
     # assume cert is in cosmos repo (overlay)
   }
-  if $custom_shib {
-    file {
-      '/opt/naemon_monitor/shibboleth2.xml':
-        ensure  => file,
-        content => template('soc/naemon_monitor/shibboleth2.xml.erb'),
-        mode    => '0444',
-        ;
-      '/opt/naemon_monitor/frontend.xml':
-        ensure  => file,
-        content => file('soc/naemon_monitor/frontend.xml'),
-        mode    => '0444',
-        ;
-      '/opt/naemon_monitor/attribute-map.xml':
-        ensure  => file,
-        content => file('soc/naemon_monitor/attribute-map.xml'),
-        mode    => '0444',
-        ;
-      '/opt/naemon_monitor/attribute-policy.xml':
-        ensure  => file,
-        content => file('soc/naemon_monitor/attribute-policy.xml'),
-        mode    => '0444',
-        ;
-    }
-  }
 
   $thruk_admins_string = inline_template('ADMIN_USERS=<%- @thruk_admins.each do |user| -%><%= user %>,<%- end -%>')
   $thruk_users_string = inline_template('READONLY_USERS=<%- @thruk_users.each do |user| -%><%= user %>,<%- end -%>')
diff --git a/global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/docker-compose.yml.erb b/global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/docker-compose.yml.erb
index d6d8314..6192548 100644
--- a/global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/docker-compose.yml.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/docker-compose.yml.erb
@@ -58,12 +58,6 @@ services:
       - '/opt/naemon_monitor/shib-certs:/etc/shibboleth/certs'
       - '/opt/naemon_monitor/data:/var/lib/thruk'
       - '/opt/naemon_monitor/menu_local.conf:/etc/thruk/menu_local.conf'
-<%- if @custom_shib -%>
-      - '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
-      - '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
-      - '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
-      - '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'
-<% end -%>
 <%- @thruk_extra_volumes.each do |extra_volume| -%>
       - "<%= extra_volume %>"
 <%- end -%>
diff --git a/global/overlay/etc/puppet/modules/soc/files/naemon_monitor/attribute-map.xml b/monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/attribute-map.xml
similarity index 100%
rename from global/overlay/etc/puppet/modules/soc/files/naemon_monitor/attribute-map.xml
rename to monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/attribute-map.xml
diff --git a/global/overlay/etc/puppet/modules/soc/files/naemon_monitor/attribute-policy.xml b/monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/attribute-policy.xml
similarity index 100%
rename from global/overlay/etc/puppet/modules/soc/files/naemon_monitor/attribute-policy.xml
rename to monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/attribute-policy.xml
diff --git a/global/overlay/etc/puppet/modules/soc/files/naemon_monitor/frontend.xml b/monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/frontend.xml
similarity index 100%
rename from global/overlay/etc/puppet/modules/soc/files/naemon_monitor/frontend.xml
rename to monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/frontend.xml
diff --git a/global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/shibboleth2.xml.erb b/monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/shibboleth2.xml
similarity index 98%
rename from global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/shibboleth2.xml.erb
rename to monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/shibboleth2.xml
index 06eadd5..18d6b8d 100644
--- a/global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/shibboleth2.xml.erb
+++ b/monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/shibboleth2.xml
@@ -11,7 +11,7 @@
     -->
 
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
-        <ApplicationDefaults entityID="https://<%= @domain %>"
+        <ApplicationDefaults entityID="https://monitor-dev.cert.sunet.se"
                          REMOTE_USER="eppn subject-id"
                          metadataAttributePrefix="Meta-">