From 44067b78758a5ca0e0f9a68b036c8202af3b700f Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Tue, 25 Aug 2015 19:41:25 +0200
Subject: [PATCH] Try shipping SSO CRL
---
 hieradata/common.yaml | 3 +++
 modules/roles/manifests/sso_rp.pp | 14 ++++++++++++
 modules/roles/templates/sso_rp/ca.crl.erb | 28 +++++++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 modules/roles/manifests/sso_rp.pp
 create mode 100644 modules/roles/templates/sso_rp/ca.crl.erb
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 9a8b1f9f..c07709e5 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -106,6 +106,9 @@ roles:
 - coccia.debian.org
 sso:
 - diabelli.debian.org
+ # single sign on relying party (host)
+ sso_rp:
+ - nono.debian.org
 static_master:
 - bizet.debian.org
 - dillon.debian.org
diff --git a/modules/roles/manifests/sso_rp.pp b/modules/roles/manifests/sso_rp.pp
new file mode 100644
index 00000000..e4eb9ac9
--- /dev/null
+++ b/modules/roles/manifests/sso_rp.pp
@@ -0,0 +1,14 @@
+class roles::sso_rp {
+ file { '/var/lib/dsa':
+ ensure => directory,
+ mode => '02755'
+ }
+ file { '/var/lib/dsa/sso':
+ ensure => directory,
+ mode => '02755'
+ }
+ file { '/var/lib/dsa/sso/ca.crl':
+ content => template('roles/sso_rp/ca.crl.erb'),
+ }
+
+}
diff --git a/modules/roles/templates/sso_rp/ca.crl.erb b/modules/roles/templates/sso_rp/ca.crl.erb
new file mode 100644
index 00000000..b1022181
--- /dev/null
+++ b/modules/roles/templates/sso_rp/ca.crl.erb
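Review bot: In modules/roles/manifests/sso_rp.pp the `file { '/var/lib/dsa/sso/ca.crl': }` resource declares only `content`, so its owner, group and mode come from whatever defaults apply on the host, while both parent directories pin `mode => '02755'`. Anyone able to rewrite this file can drop revocations, so I would pin it explicitly, e.g. `ensure => file, owner => 'root', group => 'root', mode => '0444',`. If site-wide File defaults already cover this (not visible in this patch), a one-line comment saying so would be enough.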
@@ -0,0 +1,28 @@
+<%=
+def getcrl(host)
+ crl = nil
+ begin
+ facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+ return facts.values['debsso_skac_crl']
+ rescue Exception => e
+ end
+ return crl
+end
+
+allnodeinfo = scope.lookupvar('site::allnodeinfo')
+crl = []
+
+allnodeinfo.keys.sort.each do |node|
+ next unless scope.lookupvar('site::allnodeinfo')[node]['purpose']
+ next unless scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('sso')
+ c = getcrl(node)
+ next if c.nil?
+ crl << c
+end
+
+crl.join("\n")
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
+%>
-- 
2.39.2
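Review bot: `getcrl` swallows every error with `rescue Exception => e` and returns nil, so a missing or unparsable facts file for the sso host makes the template render an empty string, and Puppet then replaces /var/lib/dsa/sso/ca.crl with an empty file. Depending on how the relying party reads the CRL, that is either an outage or a silent loss of all revocations. I would narrow the rescue to `rescue StandardError => e` and, just before `crl.join("\n")`, add `raise Puppet::ParseError, 'no SSO CRL found in stored facts' if crl.empty?` so the compile fails instead of overwriting the last good CRL. Separately, `YAML.load` deserialises the stored facts as arbitrary Ruby objects; a comment stating that this file is trusted only because the master wrote it (if that is the case) would help the next reader.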