diff --git a/REFERENCE.md b/REFERENCE.md
index 520ab21..d50b502 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -10,7 +10,7 @@
### Functions
-* [`api_fetch`](#api_fetch)
+* [`vas::api_fetch`](#vas--api_fetch): Query a remote HTTP-based service for entries to be added to users_allow.
## Classes
@@ -49,133 +49,134 @@ vas::realm: 'realm.example.com'
The following parameters are available in the `vas` class:
-* [`manage_nis`](#manage_nis)
-* [`package_version`](#package_version)
-* [`enable_group_policies`](#enable_group_policies)
-* [`users_allow_entries`](#users_allow_entries)
-* [`users_deny_entries`](#users_deny_entries)
-* [`user_override_entries`](#user_override_entries)
-* [`group_override_entries`](#group_override_entries)
-* [`username`](#username)
-* [`keytab_path`](#keytab_path)
-* [`keytab_source`](#keytab_source)
-* [`keytab_owner`](#keytab_owner)
-* [`keytab_group`](#keytab_group)
-* [`keytab_mode`](#keytab_mode)
-* [`vas_fqdn`](#vas_fqdn)
-* [`computers_ou`](#computers_ou)
-* [`users_ou`](#users_ou)
-* [`nismaps_ou`](#nismaps_ou)
-* [`user_search_path`](#user_search_path)
-* [`group_search_path`](#group_search_path)
-* [`upm_search_path`](#upm_search_path)
-* [`nisdomainname`](#nisdomainname)
-* [`realm`](#realm)
-* [`domain_change`](#domain_change)
-* [`sitenameoverride`](#sitenameoverride)
-* [`vas_conf_client_addrs`](#vas_conf_client_addrs)
-* [`vas_conf_vasypd_update_interval`](#vas_conf_vasypd_update_interval)
-* [`vas_conf_full_update_interval`](#vas_conf_full_update_interval)
-* [`vas_conf_group_update_mode`](#vas_conf_group_update_mode)
-* [`vas_conf_root_update_mode`](#vas_conf_root_update_mode)
-* [`vas_conf_disabled_user_pwhash`](#vas_conf_disabled_user_pwhash)
-* [`vas_conf_expired_account_pwhash`](#vas_conf_expired_account_pwhash)
-* [`vas_conf_locked_out_pwhash`](#vas_conf_locked_out_pwhash)
-* [`vas_conf_preload_nested_memberships`](#vas_conf_preload_nested_memberships)
-* [`vas_conf_update_process`](#vas_conf_update_process)
-* [`vas_conf_upm_computerou_attr`](#vas_conf_upm_computerou_attr)
-* [`vas_conf_vasd_update_interval`](#vas_conf_vasd_update_interval)
-* [`vas_conf_vasd_auto_ticket_renew_interval`](#vas_conf_vasd_auto_ticket_renew_interval)
-* [`vas_conf_vasd_lazy_cache_update_interval`](#vas_conf_vasd_lazy_cache_update_interval)
-* [`vas_conf_vasd_timesync_interval`](#vas_conf_vasd_timesync_interval)
-* [`vas_conf_vasd_cross_domain_user_groups_member_search`](#vas_conf_vasd_cross_domain_user_groups_member_search)
-* [`vas_conf_vasd_password_change_script`](#vas_conf_vasd_password_change_script)
-* [`vas_conf_vasd_password_change_script_timelimit`](#vas_conf_vasd_password_change_script_timelimit)
-* [`vas_conf_vasd_workstation_mode`](#vas_conf_vasd_workstation_mode)
-* [`vas_conf_vasd_workstation_mode_users_preload`](#vas_conf_vasd_workstation_mode_users_preload)
-* [`vas_conf_vasd_workstation_mode_group_do_member`](#vas_conf_vasd_workstation_mode_group_do_member)
-* [`vas_conf_vasd_workstation_mode_groups_skip_update`](#vas_conf_vasd_workstation_mode_groups_skip_update)
-* [`vas_conf_vasd_ws_resolve_uid`](#vas_conf_vasd_ws_resolve_uid)
-* [`vas_conf_vasd_deluser_check_timelimit`](#vas_conf_vasd_deluser_check_timelimit)
-* [`vas_conf_vasd_delusercheck_interval`](#vas_conf_vasd_delusercheck_interval)
-* [`vas_conf_vasd_delusercheck_script`](#vas_conf_vasd_delusercheck_script)
-* [`vas_conf_vasd_username_attr_name`](#vas_conf_vasd_username_attr_name)
-* [`vas_conf_vasd_groupname_attr_name`](#vas_conf_vasd_groupname_attr_name)
-* [`vas_conf_vasd_uid_number_attr_name`](#vas_conf_vasd_uid_number_attr_name)
-* [`vas_conf_vasd_gid_number_attr_name`](#vas_conf_vasd_gid_number_attr_name)
-* [`vas_conf_vasd_gecos_attr_name`](#vas_conf_vasd_gecos_attr_name)
-* [`vas_conf_vasd_home_dir_attr_name`](#vas_conf_vasd_home_dir_attr_name)
-* [`vas_conf_vasd_login_shell_attr_name`](#vas_conf_vasd_login_shell_attr_name)
-* [`vas_conf_vasd_group_member_attr_name`](#vas_conf_vasd_group_member_attr_name)
-* [`vas_conf_vasd_memberof_attr_name`](#vas_conf_vasd_memberof_attr_name)
-* [`vas_conf_vasd_unix_password_attr_name`](#vas_conf_vasd_unix_password_attr_name)
-* [`vas_conf_vasd_netgroup_mode`](#vas_conf_vasd_netgroup_mode)
-* [`vas_conf_prompt_vas_ad_pw`](#vas_conf_prompt_vas_ad_pw)
-* [`vas_conf_pam_vas_prompt_ad_lockout_msg`](#vas_conf_pam_vas_prompt_ad_lockout_msg)
-* [`vas_conf_libdefaults_forwardable`](#vas_conf_libdefaults_forwardable)
-* [`vas_conf_libdefaults_tgs_default_enctypes`](#vas_conf_libdefaults_tgs_default_enctypes)
-* [`vas_conf_libdefaults_tkt_default_enctypes`](#vas_conf_libdefaults_tkt_default_enctypes)
-* [`vas_conf_libdefaults_default_etypes`](#vas_conf_libdefaults_default_etypes)
-* [`vas_conf_libdefaults_default_cc_name`](#vas_conf_libdefaults_default_cc_name)
-* [`vas_conf_vas_auth_uid_check_limit`](#vas_conf_vas_auth_uid_check_limit)
-* [`vas_conf_vas_auth_allow_disconnected_auth`](#vas_conf_vas_auth_allow_disconnected_auth)
-* [`vas_conf_vas_auth_expand_ac_groups`](#vas_conf_vas_auth_expand_ac_groups)
-* [`vas_conf_libvas_vascache_ipc_timeout`](#vas_conf_libvas_vascache_ipc_timeout)
-* [`vas_conf_libvas_use_server_referrals`](#vas_conf_libvas_use_server_referrals)
-* [`vas_conf_libvas_use_server_referrals_version_switch`](#vas_conf_libvas_use_server_referrals_version_switch)
-* [`vas_conf_libvas_auth_helper_timeout`](#vas_conf_libvas_auth_helper_timeout)
-* [`vas_conf_libvas_mscldap_timeout`](#vas_conf_libvas_mscldap_timeout)
-* [`vas_conf_libvas_site_only_servers`](#vas_conf_libvas_site_only_servers)
-* [`vas_conf_libvas_use_dns_srv`](#vas_conf_libvas_use_dns_srv)
-* [`vas_conf_libvas_use_tcp_only`](#vas_conf_libvas_use_tcp_only)
-* [`vas_conf_lowercase_names`](#vas_conf_lowercase_names)
-* [`vas_conf_lowercase_homedirs`](#vas_conf_lowercase_homedirs)
-* [`vas_config_path`](#vas_config_path)
-* [`vas_config_owner`](#vas_config_owner)
-* [`vas_config_group`](#vas_config_group)
-* [`vas_config_mode`](#vas_config_mode)
-* [`vas_user_override_path`](#vas_user_override_path)
-* [`vas_user_override_owner`](#vas_user_override_owner)
-* [`vas_user_override_group`](#vas_user_override_group)
-* [`vas_user_override_mode`](#vas_user_override_mode)
-* [`vas_group_override_path`](#vas_group_override_path)
-* [`vas_group_override_owner`](#vas_group_override_owner)
-* [`vas_group_override_group`](#vas_group_override_group)
-* [`vas_group_override_mode`](#vas_group_override_mode)
-* [`vas_users_allow_path`](#vas_users_allow_path)
-* [`vas_users_allow_owner`](#vas_users_allow_owner)
-* [`vas_users_allow_group`](#vas_users_allow_group)
-* [`vas_users_allow_mode`](#vas_users_allow_mode)
-* [`vas_users_deny_path`](#vas_users_deny_path)
-* [`vas_users_deny_owner`](#vas_users_deny_owner)
-* [`vas_users_deny_group`](#vas_users_deny_group)
-* [`vas_users_deny_mode`](#vas_users_deny_mode)
-* [`vasjoin_logfile`](#vasjoin_logfile)
-* [`vastool_binary`](#vastool_binary)
-* [`symlink_vastool_binary_target`](#symlink_vastool_binary_target)
-* [`symlink_vastool_binary`](#symlink_vastool_binary)
-* [`license_files`](#license_files)
-* [`domain_realms`](#domain_realms)
-* [`join_domain_controllers`](#join_domain_controllers)
-* [`unjoin_vas`](#unjoin_vas)
-* [`use_srv_infocache`](#use_srv_infocache)
-* [`kdcs`](#kdcs)
-* [`kdc_port`](#kdc_port)
-* [`kpasswd_servers`](#kpasswd_servers)
-* [`kpasswd_server_port`](#kpasswd_server_port)
-* [`api_enable`](#api_enable)
-* [`api_users_allow_url`](#api_users_allow_url)
-* [`api_token`](#api_token)
-
-##### `manage_nis`
+* [`manage_nis`](#-vas--manage_nis)
+* [`package_version`](#-vas--package_version)
+* [`enable_group_policies`](#-vas--enable_group_policies)
+* [`users_allow_entries`](#-vas--users_allow_entries)
+* [`users_deny_entries`](#-vas--users_deny_entries)
+* [`user_override_entries`](#-vas--user_override_entries)
+* [`group_override_entries`](#-vas--group_override_entries)
+* [`username`](#-vas--username)
+* [`keytab_path`](#-vas--keytab_path)
+* [`keytab_source`](#-vas--keytab_source)
+* [`keytab_owner`](#-vas--keytab_owner)
+* [`keytab_group`](#-vas--keytab_group)
+* [`keytab_mode`](#-vas--keytab_mode)
+* [`vas_fqdn`](#-vas--vas_fqdn)
+* [`computers_ou`](#-vas--computers_ou)
+* [`users_ou`](#-vas--users_ou)
+* [`nismaps_ou`](#-vas--nismaps_ou)
+* [`user_search_path`](#-vas--user_search_path)
+* [`group_search_path`](#-vas--group_search_path)
+* [`upm_search_path`](#-vas--upm_search_path)
+* [`nisdomainname`](#-vas--nisdomainname)
+* [`realm`](#-vas--realm)
+* [`domain_change`](#-vas--domain_change)
+* [`sitenameoverride`](#-vas--sitenameoverride)
+* [`vas_conf_client_addrs`](#-vas--vas_conf_client_addrs)
+* [`vas_conf_vasypd_update_interval`](#-vas--vas_conf_vasypd_update_interval)
+* [`vas_conf_full_update_interval`](#-vas--vas_conf_full_update_interval)
+* [`vas_conf_group_update_mode`](#-vas--vas_conf_group_update_mode)
+* [`vas_conf_root_update_mode`](#-vas--vas_conf_root_update_mode)
+* [`vas_conf_disabled_user_pwhash`](#-vas--vas_conf_disabled_user_pwhash)
+* [`vas_conf_expired_account_pwhash`](#-vas--vas_conf_expired_account_pwhash)
+* [`vas_conf_locked_out_pwhash`](#-vas--vas_conf_locked_out_pwhash)
+* [`vas_conf_preload_nested_memberships`](#-vas--vas_conf_preload_nested_memberships)
+* [`vas_conf_update_process`](#-vas--vas_conf_update_process)
+* [`vas_conf_upm_computerou_attr`](#-vas--vas_conf_upm_computerou_attr)
+* [`vas_conf_vasd_update_interval`](#-vas--vas_conf_vasd_update_interval)
+* [`vas_conf_vasd_auto_ticket_renew_interval`](#-vas--vas_conf_vasd_auto_ticket_renew_interval)
+* [`vas_conf_vasd_lazy_cache_update_interval`](#-vas--vas_conf_vasd_lazy_cache_update_interval)
+* [`vas_conf_vasd_timesync_interval`](#-vas--vas_conf_vasd_timesync_interval)
+* [`vas_conf_vasd_cross_domain_user_groups_member_search`](#-vas--vas_conf_vasd_cross_domain_user_groups_member_search)
+* [`vas_conf_vasd_password_change_script`](#-vas--vas_conf_vasd_password_change_script)
+* [`vas_conf_vasd_password_change_script_timelimit`](#-vas--vas_conf_vasd_password_change_script_timelimit)
+* [`vas_conf_vasd_workstation_mode`](#-vas--vas_conf_vasd_workstation_mode)
+* [`vas_conf_vasd_workstation_mode_users_preload`](#-vas--vas_conf_vasd_workstation_mode_users_preload)
+* [`vas_conf_vasd_workstation_mode_group_do_member`](#-vas--vas_conf_vasd_workstation_mode_group_do_member)
+* [`vas_conf_vasd_workstation_mode_groups_skip_update`](#-vas--vas_conf_vasd_workstation_mode_groups_skip_update)
+* [`vas_conf_vasd_ws_resolve_uid`](#-vas--vas_conf_vasd_ws_resolve_uid)
+* [`vas_conf_vasd_deluser_check_timelimit`](#-vas--vas_conf_vasd_deluser_check_timelimit)
+* [`vas_conf_vasd_delusercheck_interval`](#-vas--vas_conf_vasd_delusercheck_interval)
+* [`vas_conf_vasd_delusercheck_script`](#-vas--vas_conf_vasd_delusercheck_script)
+* [`vas_conf_vasd_username_attr_name`](#-vas--vas_conf_vasd_username_attr_name)
+* [`vas_conf_vasd_groupname_attr_name`](#-vas--vas_conf_vasd_groupname_attr_name)
+* [`vas_conf_vasd_uid_number_attr_name`](#-vas--vas_conf_vasd_uid_number_attr_name)
+* [`vas_conf_vasd_gid_number_attr_name`](#-vas--vas_conf_vasd_gid_number_attr_name)
+* [`vas_conf_vasd_gecos_attr_name`](#-vas--vas_conf_vasd_gecos_attr_name)
+* [`vas_conf_vasd_home_dir_attr_name`](#-vas--vas_conf_vasd_home_dir_attr_name)
+* [`vas_conf_vasd_login_shell_attr_name`](#-vas--vas_conf_vasd_login_shell_attr_name)
+* [`vas_conf_vasd_group_member_attr_name`](#-vas--vas_conf_vasd_group_member_attr_name)
+* [`vas_conf_vasd_memberof_attr_name`](#-vas--vas_conf_vasd_memberof_attr_name)
+* [`vas_conf_vasd_unix_password_attr_name`](#-vas--vas_conf_vasd_unix_password_attr_name)
+* [`vas_conf_vasd_netgroup_mode`](#-vas--vas_conf_vasd_netgroup_mode)
+* [`vas_conf_prompt_vas_ad_pw`](#-vas--vas_conf_prompt_vas_ad_pw)
+* [`vas_conf_pam_vas_prompt_ad_lockout_msg`](#-vas--vas_conf_pam_vas_prompt_ad_lockout_msg)
+* [`vas_conf_libdefaults_forwardable`](#-vas--vas_conf_libdefaults_forwardable)
+* [`vas_conf_libdefaults_tgs_default_enctypes`](#-vas--vas_conf_libdefaults_tgs_default_enctypes)
+* [`vas_conf_libdefaults_tkt_default_enctypes`](#-vas--vas_conf_libdefaults_tkt_default_enctypes)
+* [`vas_conf_libdefaults_default_etypes`](#-vas--vas_conf_libdefaults_default_etypes)
+* [`vas_conf_libdefaults_default_cc_name`](#-vas--vas_conf_libdefaults_default_cc_name)
+* [`vas_conf_vas_auth_uid_check_limit`](#-vas--vas_conf_vas_auth_uid_check_limit)
+* [`vas_conf_vas_auth_allow_disconnected_auth`](#-vas--vas_conf_vas_auth_allow_disconnected_auth)
+* [`vas_conf_vas_auth_expand_ac_groups`](#-vas--vas_conf_vas_auth_expand_ac_groups)
+* [`vas_conf_libvas_vascache_ipc_timeout`](#-vas--vas_conf_libvas_vascache_ipc_timeout)
+* [`vas_conf_libvas_use_server_referrals`](#-vas--vas_conf_libvas_use_server_referrals)
+* [`vas_conf_libvas_use_server_referrals_version_switch`](#-vas--vas_conf_libvas_use_server_referrals_version_switch)
+* [`vas_conf_libvas_auth_helper_timeout`](#-vas--vas_conf_libvas_auth_helper_timeout)
+* [`vas_conf_libvas_mscldap_timeout`](#-vas--vas_conf_libvas_mscldap_timeout)
+* [`vas_conf_libvas_site_only_servers`](#-vas--vas_conf_libvas_site_only_servers)
+* [`vas_conf_libvas_use_dns_srv`](#-vas--vas_conf_libvas_use_dns_srv)
+* [`vas_conf_libvas_use_tcp_only`](#-vas--vas_conf_libvas_use_tcp_only)
+* [`vas_conf_lowercase_names`](#-vas--vas_conf_lowercase_names)
+* [`vas_conf_lowercase_homedirs`](#-vas--vas_conf_lowercase_homedirs)
+* [`vas_config_path`](#-vas--vas_config_path)
+* [`vas_config_owner`](#-vas--vas_config_owner)
+* [`vas_config_group`](#-vas--vas_config_group)
+* [`vas_config_mode`](#-vas--vas_config_mode)
+* [`vas_user_override_path`](#-vas--vas_user_override_path)
+* [`vas_user_override_owner`](#-vas--vas_user_override_owner)
+* [`vas_user_override_group`](#-vas--vas_user_override_group)
+* [`vas_user_override_mode`](#-vas--vas_user_override_mode)
+* [`vas_group_override_path`](#-vas--vas_group_override_path)
+* [`vas_group_override_owner`](#-vas--vas_group_override_owner)
+* [`vas_group_override_group`](#-vas--vas_group_override_group)
+* [`vas_group_override_mode`](#-vas--vas_group_override_mode)
+* [`vas_users_allow_path`](#-vas--vas_users_allow_path)
+* [`vas_users_allow_owner`](#-vas--vas_users_allow_owner)
+* [`vas_users_allow_group`](#-vas--vas_users_allow_group)
+* [`vas_users_allow_mode`](#-vas--vas_users_allow_mode)
+* [`vas_users_deny_path`](#-vas--vas_users_deny_path)
+* [`vas_users_deny_owner`](#-vas--vas_users_deny_owner)
+* [`vas_users_deny_group`](#-vas--vas_users_deny_group)
+* [`vas_users_deny_mode`](#-vas--vas_users_deny_mode)
+* [`vasjoin_logfile`](#-vas--vasjoin_logfile)
+* [`vastool_binary`](#-vas--vastool_binary)
+* [`symlink_vastool_binary_target`](#-vas--symlink_vastool_binary_target)
+* [`symlink_vastool_binary`](#-vas--symlink_vastool_binary)
+* [`license_files`](#-vas--license_files)
+* [`domain_realms`](#-vas--domain_realms)
+* [`join_domain_controllers`](#-vas--join_domain_controllers)
+* [`unjoin_vas`](#-vas--unjoin_vas)
+* [`use_srv_infocache`](#-vas--use_srv_infocache)
+* [`kdcs`](#-vas--kdcs)
+* [`kdc_port`](#-vas--kdc_port)
+* [`kpasswd_servers`](#-vas--kpasswd_servers)
+* [`kpasswd_server_port`](#-vas--kpasswd_server_port)
+* [`api_enable`](#-vas--api_enable)
+* [`api_users_allow_url`](#-vas--api_users_allow_url)
+* [`api_token`](#-vas--api_token)
+* [`api_ssl_verify`](#-vas--api_ssl_verify)
+
+##### `manage_nis`
Data type: `Boolean`
FIXME Missing description
-Default value: ``true``
+Default value: `true`
-##### `package_version`
+##### `package_version`
Data type: `String[1]`
@@ -183,16 +184,16 @@ The VAS package version. Used when upgrading.
Default value: `'installed'`
-##### `enable_group_policies`
+##### `enable_group_policies`
Data type: `Boolean`
Boolean to control if vas should manage group policies. Manages the vasgp
package. Version is controlled by package_version.
-Default value: ``true``
+Default value: `true`
-##### `users_allow_entries`
+##### `users_allow_entries`
Data type: `Array[String[1]]`
@@ -200,7 +201,7 @@ List of users.allow entries. All users are allowed by default.
Default value: `[]`
-##### `users_deny_entries`
+##### `users_deny_entries`
Data type: `Array[String[1]]`
@@ -208,7 +209,7 @@ List of users.deny entries. No users are denied by default.
Default value: `[]`
-##### `user_override_entries`
+##### `user_override_entries`
Data type: `Array[String[1]]`
@@ -217,7 +218,7 @@ UID, GID, GECOS, HOME_DIR and SHELL.
Default value: `[]`
-##### `group_override_entries`
+##### `group_override_entries`
Data type: `Array[String[1]]`
@@ -226,7 +227,7 @@ GROUP_NAME, GID and GROUP_MEMBERSHIP.
Default value: `[]`
-##### `username`
+##### `username`
Data type: `String[1]`
@@ -234,7 +235,7 @@ Name of user account used to join Active Directory.
Default value: `'username'`
-##### `keytab_path`
+##### `keytab_path`
Data type: `Stdlib::Absolutepath`
@@ -242,15 +243,15 @@ The path to the keytab file used together with to join Active Directo
Default value: `'/etc/vasinst.key'`
-##### `keytab_source`
+##### `keytab_source`
Data type: `Optional[String[1]]`
File source for the keytab file used to join Active Directory.
-Default value: ``undef``
+Default value: `undef`
-##### `keytab_owner`
+##### `keytab_owner`
Data type: `String[1]`
@@ -258,7 +259,7 @@ keytab file owner.
Default value: `'root'`
-##### `keytab_group`
+##### `keytab_group`
Data type: `String[1]`
@@ -266,7 +267,7 @@ keytab file group.
Default value: `'root'`
-##### `keytab_mode`
+##### `keytab_mode`
Data type: `Stdlib::Filemode`
@@ -274,7 +275,7 @@ keytab file mode.
Default value: `'0400'`
-##### `vas_fqdn`
+##### `vas_fqdn`
Data type: `Stdlib::Fqdn`
@@ -282,24 +283,24 @@ FQDN to join to VAS as.
Default value: `$facts['networking']['fqdn']`
-##### `computers_ou`
+##### `computers_ou`
Data type: `Optional[String[1]]`
Path to OU where to store computer object.
-Default value: ``undef``
+Default value: `undef`
-##### `users_ou`
+##### `users_ou`
Data type: `Optional[String[1]]`
Deprecated, this parameter is the same as upm_search_path. Path to OU where
to load UPM user profiles.
-Default value: ``undef``
+Default value: `undef`
-##### `nismaps_ou`
+##### `nismaps_ou`
Data type: `String[1]`
@@ -307,42 +308,42 @@ Path to OU where to load nismaps initially.
Default value: `'ou=nismaps,dc=example,dc=com'`
-##### `user_search_path`
+##### `user_search_path`
Data type: `Optional[String[1]]`
LDAP search path for user profiles. This will limit the scope where QAS will
search for users when operating in RFC2307 mode.
-Default value: ``undef``
+Default value: `undef`
-##### `group_search_path`
+##### `group_search_path`
Data type: `Optional[String[1]]`
LDAP search path for groups. This will limit the scope where QAS will search
for groups when operating in RFC2307 mode.
-Default value: ``undef``
+Default value: `undef`
-##### `upm_search_path`
+##### `upm_search_path`
Data type: `Optional[String[1]]`
LDAP search path for UPM user profiles. Setting this parameter will cause
QAS to run in UPM mode.
-Default value: ``undef``
+Default value: `undef`
-##### `nisdomainname`
+##### `nisdomainname`
Data type: `Optional[String[1]]`
Name of the NIS domain.
-Default value: ``undef``
+Default value: `undef`
-##### `realm`
+##### `realm`
Data type: `Stdlib::Host`
@@ -350,32 +351,32 @@ Name of the realm.
Default value: `'realm.example.com'`
-##### `domain_change`
+##### `domain_change`
Data type: `Boolean`
FIXME Missing description
-Default value: ``false``
+Default value: `false`
-##### `sitenameoverride`
+##### `sitenameoverride`
Data type: `Optional[String[1]]`
Name of AD site to join. The AD site is determined automatically in AD by
default.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_client_addrs`
+##### `vas_conf_client_addrs`
Data type: `Optional[String[1,1024]]`
client-addrs option in vas.conf. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasypd_update_interval`
+##### `vas_conf_vasypd_update_interval`
Data type: `Integer[0]`
@@ -384,16 +385,16 @@ NIS Map information in Active Directory. See VAS.CONF(5).
Default value: `1800`
-##### `vas_conf_full_update_interval`
+##### `vas_conf_full_update_interval`
Data type: `Optional[Integer]`
Integer for number of seconds vasypd will wait until it fully reloads all
the NIS maps. See VAS.CONF(5)
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_group_update_mode`
+##### `vas_conf_group_update_mode`
Data type: `String[1]`
@@ -404,7 +405,7 @@ Possible values: force | force-if-missing | none
Default value: `'none'`
-##### `vas_conf_root_update_mode`
+##### `vas_conf_root_update_mode`
Data type: `String[1]`
@@ -415,43 +416,43 @@ Possible values: force | force-if-missing | none
Default value: `'none'`
-##### `vas_conf_disabled_user_pwhash`
+##### `vas_conf_disabled_user_pwhash`
Data type: `Optional[String[1]]`
String to be used for disabled-user-pwhash option in vas.conf. If undef,
line will be suppressed.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_expired_account_pwhash`
+##### `vas_conf_expired_account_pwhash`
Data type: `Optional[String[1]]`
String to be used for expired-account-pwhash option in vas.conf.
If undef, line will be suppressed.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_locked_out_pwhash`
+##### `vas_conf_locked_out_pwhash`
Data type: `Optional[String[1]]`
String to be used for locked-out-pwhash option in vas.conf.
If undef, line will be suppressed.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_preload_nested_memberships`
+##### `vas_conf_preload_nested_memberships`
Data type: `Optional[Boolean]`
preload-nested-membership option in vas.conf. Set this to 'false' to speed
up flush (and join) operations in VAS version 4.0.3-206 and later.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_update_process`
+##### `vas_conf_update_process`
Data type: `Stdlib::Absolutepath`
@@ -459,16 +460,16 @@ update-process option in vas.conf. See VAS.CONF(5) for more info.
Default value: `'/opt/quest/libexec/vas/mapupdate_2307'`
-##### `vas_conf_upm_computerou_attr`
+##### `vas_conf_upm_computerou_attr`
Data type: `Optional[String[1]]`
upm-computerou-attr option in vas.conf. Changed to 'department' to work in
a multi-AD-domain setup. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_update_interval`
+##### `vas_conf_vasd_update_interval`
Data type: `Integer[0]`
@@ -477,7 +478,7 @@ section of vas.conf. See VAS.CONF(5) for more info.
Default value: `600`
-##### `vas_conf_vasd_auto_ticket_renew_interval`
+##### `vas_conf_vasd_auto_ticket_renew_interval`
Data type: `Integer[0]`
@@ -486,7 +487,7 @@ in [vasd] section of vas.conf. See VAS.CONF(5) for more info.
Default value: `32400`
-##### `vas_conf_vasd_lazy_cache_update_interval`
+##### `vas_conf_vasd_lazy_cache_update_interval`
Data type: `Integer[0]`
@@ -495,7 +496,7 @@ in [vasd] section of vas.conf. See VAS.CONF(5) for more info.
Default value: `10`
-##### `vas_conf_vasd_timesync_interval`
+##### `vas_conf_vasd_timesync_interval`
Data type: `Optional[Integer]`
@@ -503,27 +504,27 @@ Integer for number of seconds to set value of timesync-interval in
[vasd] section of vas.conf. See VAS.CONF(5) for more info.
If $::virtual is "zone" this value is set to 0
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_cross_domain_user_groups_member_search`
+##### `vas_conf_vasd_cross_domain_user_groups_member_search`
Data type: `Optional[Boolean]`
Boolean to set value of cross-domain-user-groups-member-search in
[vasd] section of vas.conf. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_password_change_script`
+##### `vas_conf_vasd_password_change_script`
Data type: `Optional[Stdlib::Absolutepath]`
Path for script to set value of password-change-script in
[vasd] section of vas.conf. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_password_change_script_timelimit`
+##### `vas_conf_vasd_password_change_script_timelimit`
Data type: `Optional[Integer]`
@@ -531,171 +532,171 @@ Integer for number of seconds to set value of
password-change-script-timelimit in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_workstation_mode`
+##### `vas_conf_vasd_workstation_mode`
Data type: `Boolean`
Boolean to control whether or not vasd operates in Workstation mode.
See VAS.CONF(5) for more info.
-Default value: ``false``
+Default value: `false`
-##### `vas_conf_vasd_workstation_mode_users_preload`
+##### `vas_conf_vasd_workstation_mode_users_preload`
Data type: `Optional[String[1]]`
Comma separated list of groups for preloading users in Workstation mode.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_workstation_mode_group_do_member`
+##### `vas_conf_vasd_workstation_mode_group_do_member`
Data type: `Boolean`
Boolean to control if vasd should process group memberships in Workstation
mode. See VAS.CONF(5) for more info.
-Default value: ``false``
+Default value: `false`
-##### `vas_conf_vasd_workstation_mode_groups_skip_update`
+##### `vas_conf_vasd_workstation_mode_groups_skip_update`
Data type: `Boolean`
Boolean that can be used to reduce the number of updates by vasd in
Workstation mode. See VAS.CONF(5) for more info.
-Default value: ``false``
+Default value: `false`
-##### `vas_conf_vasd_ws_resolve_uid`
+##### `vas_conf_vasd_ws_resolve_uid`
Data type: `Boolean`
Boolean to control whether vasd will resolve unknown UIDs when in
Workstation mode. See VAS.CONF(5) for more info.
-Default value: ``false``
+Default value: `false`
-##### `vas_conf_vasd_deluser_check_timelimit`
+##### `vas_conf_vasd_deluser_check_timelimit`
Data type: `Optional[Integer]`
Integer for number of seconds to set value of deluser-check-timelimit in
[vasd] section of vas.conf. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_delusercheck_interval`
+##### `vas_conf_vasd_delusercheck_interval`
Data type: `Optional[Integer]`
Integer for number of minutes to set value of delusercheck-interval in
[vasd] section of vas.conf. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_delusercheck_script`
+##### `vas_conf_vasd_delusercheck_script`
Data type: `Optional[Stdlib::Absolutepath]`
Path for script to set value of delusercheck-script in [vasd] section of
vas.conf. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_username_attr_name`
+##### `vas_conf_vasd_username_attr_name`
Data type: `Optional[String[1]]`
String to be used for username-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_groupname_attr_name`
+##### `vas_conf_vasd_groupname_attr_name`
Data type: `Optional[String[1]]`
String to be used for groupname-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_uid_number_attr_name`
+##### `vas_conf_vasd_uid_number_attr_name`
Data type: `Optional[String[1]]`
String to be used for uid-number-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_gid_number_attr_name`
+##### `vas_conf_vasd_gid_number_attr_name`
Data type: `Optional[String[1]]`
String to be used for gid-number-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_gecos_attr_name`
+##### `vas_conf_vasd_gecos_attr_name`
Data type: `Optional[String[1]]`
String to be used for gecos-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_home_dir_attr_name`
+##### `vas_conf_vasd_home_dir_attr_name`
Data type: `Optional[String[1]]`
String to be used for home-dir-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_login_shell_attr_name`
+##### `vas_conf_vasd_login_shell_attr_name`
Data type: `Optional[String[1]]`
String to be used for login-shell-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_group_member_attr_name`
+##### `vas_conf_vasd_group_member_attr_name`
Data type: `Optional[String[1]]`
String to be used for group-member-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_memberof_attr_name`
+##### `vas_conf_vasd_memberof_attr_name`
Data type: `Optional[String[1]]`
String to be used for memberof-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_unix_password_attr_name`
+##### `vas_conf_vasd_unix_password_attr_name`
Data type: `Optional[String[1]]`
String to be used for unix_password-attr-name in [vasd] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vasd_netgroup_mode`
+##### `vas_conf_vasd_netgroup_mode`
Data type: `Optional[Enum['NSS', 'NIS', 'OFF']]`
@@ -704,9 +705,9 @@ vas.conf. Valid values are 'NSS', 'NIS' and 'OFF'. If not specified, the
netgroup-mode parameter will not be set in vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_prompt_vas_ad_pw`
+##### `vas_conf_prompt_vas_ad_pw`
Data type: `String[1]`
@@ -714,24 +715,24 @@ prompt-vas-ad-pw option in vas.conf. Sets the password prompt for logins.
Default value: `'"Enter Windows password: "'`
-##### `vas_conf_pam_vas_prompt_ad_lockout_msg`
+##### `vas_conf_pam_vas_prompt_ad_lockout_msg`
Data type: `Optional[String[1]]`
prompt-ad-lockout-msg option in vas.conf. See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_libdefaults_forwardable`
+##### `vas_conf_libdefaults_forwardable`
Data type: `Boolean`
Boolean to set value of forwardable in [libdefaults] vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``true``
+Default value: `true`
-##### `vas_conf_libdefaults_tgs_default_enctypes`
+##### `vas_conf_libdefaults_tgs_default_enctypes`
Data type: `String[1]`
@@ -739,7 +740,7 @@ FIXME Missing description
Default value: `'arcfour-hmac-md5'`
-##### `vas_conf_libdefaults_tkt_default_enctypes`
+##### `vas_conf_libdefaults_tkt_default_enctypes`
Data type: `String[1]`
@@ -747,7 +748,7 @@ FIXME Missing description
Default value: `'arcfour-hmac-md5'`
-##### `vas_conf_libdefaults_default_etypes`
+##### `vas_conf_libdefaults_default_etypes`
Data type: `String[1]`
@@ -756,7 +757,7 @@ See VAS.CONF(5) for more info.
Default value: `'arcfour-hmac-md5'`
-##### `vas_conf_libdefaults_default_cc_name`
+##### `vas_conf_libdefaults_default_cc_name`
Data type: `Optional[String[1]]`
@@ -764,18 +765,18 @@ String to set where kerberos cache files should be stored (default on most
systems is /tmp/krb5cc_${uid}).
Example: FILE:/new/path/krb5cc_${uid}
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vas_auth_uid_check_limit`
+##### `vas_conf_vas_auth_uid_check_limit`
Data type: `Optional[Integer]`
Integer for uid-check-limit option in vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vas_auth_allow_disconnected_auth`
+##### `vas_conf_vas_auth_allow_disconnected_auth`
Data type: `Optional[Boolean]`
@@ -783,9 +784,9 @@ Boolean to set value of allow-disconnected-auth option in [vas_auth] section
of vas.conf. See VAS.CONF(5) for more info. If set to 'UNSET' nothing will
get printed.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_vas_auth_expand_ac_groups`
+##### `vas_conf_vas_auth_expand_ac_groups`
Data type: `Optional[Boolean]`
@@ -793,9 +794,9 @@ Boolean to set value of expand-ac-groups option in [vas_auth] section of
vas.conf. See VAS.CONF(5) for more info. If set to 'UNSET' nothing will get
printed.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_libvas_vascache_ipc_timeout`
+##### `vas_conf_libvas_vascache_ipc_timeout`
Data type: `Integer[0]`
@@ -804,7 +805,7 @@ Integer for number of seconds to set value of vascache-ipc-timeout in
Default value: `15`
-##### `vas_conf_libvas_use_server_referrals`
+##### `vas_conf_libvas_use_server_referrals`
Data type: `Variant[Boolean, Enum['']]`
@@ -813,9 +814,9 @@ See VAS.CONF(5) for more info. Set to 'USE_DEFAULTS' for automagically
switching depending on running $vas_version.
Also see $vas_conf_libvas_use_server_referrals_version_switch.
-Default value: ``true``
+Default value: `true`
-##### `vas_conf_libvas_use_server_referrals_version_switch`
+##### `vas_conf_libvas_use_server_referrals_version_switch`
Data type: `String[1]`
@@ -825,7 +826,7 @@ Equal or higher version numbers will pull the trigger.
Default value: `'4.1.0.21518'`
-##### `vas_conf_libvas_auth_helper_timeout`
+##### `vas_conf_libvas_auth_helper_timeout`
Data type: `Integer[0]`
@@ -834,7 +835,7 @@ Integer for number of seconds to set value of auth-helper-timeout in
Default value: `10`
-##### `vas_conf_libvas_mscldap_timeout`
+##### `vas_conf_libvas_mscldap_timeout`
Data type: `Integer[0]`
@@ -843,52 +844,52 @@ AD Domain Controllers. See VAS.CONF(5) for more info.
Default value: `1`
-##### `vas_conf_libvas_site_only_servers`
+##### `vas_conf_libvas_site_only_servers`
Data type: `Boolean`
Boolean to set valut of site-only-servers in [libvas] section of
vas.conf. See VAS.CONF(5) for more info.
-Default value: ``false``
+Default value: `false`
-##### `vas_conf_libvas_use_dns_srv`
+##### `vas_conf_libvas_use_dns_srv`
Data type: `Boolean`
Boolean to set value of use-dns-srv in [libvas] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``true``
+Default value: `true`
-##### `vas_conf_libvas_use_tcp_only`
+##### `vas_conf_libvas_use_tcp_only`
Data type: `Boolean`
Boolean to set value of use-tcp-only in [libvas] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``true``
+Default value: `true`
-##### `vas_conf_lowercase_names`
+##### `vas_conf_lowercase_names`
Data type: `Optional[Boolean]`
Boolean to set value of lowercase-names in [nss_vas] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_conf_lowercase_homedirs`
+##### `vas_conf_lowercase_homedirs`
Data type: `Optional[Boolean]`
Boolean to set value of lowercase-homedirs in [nss_vas] section of vas.conf.
See VAS.CONF(5) for more info.
-Default value: ``undef``
+Default value: `undef`
-##### `vas_config_path`
+##### `vas_config_path`
Data type: `Stdlib::Absolutepath`
@@ -896,7 +897,7 @@ Path to VAS config file.
Default value: `'/etc/opt/quest/vas/vas.conf'`
-##### `vas_config_owner`
+##### `vas_config_owner`
Data type: `String[1]`
@@ -904,7 +905,7 @@ vas.conf owner.
Default value: `'root'`
-##### `vas_config_group`
+##### `vas_config_group`
Data type: `String[1]`
@@ -912,7 +913,7 @@ vas.conf group.
Default value: `'root'`
-##### `vas_config_mode`
+##### `vas_config_mode`
Data type: `Stdlib::Filemode`
@@ -920,7 +921,7 @@ vas.conf mode.
Default value: `'0644'`
-##### `vas_user_override_path`
+##### `vas_user_override_path`
Data type: `Stdlib::Absolutepath`
@@ -928,7 +929,7 @@ Path to user-override file.
Default value: `'/etc/opt/quest/vas/user-override'`
-##### `vas_user_override_owner`
+##### `vas_user_override_owner`
Data type: `String[1]`
@@ -936,7 +937,7 @@ user-override file owner.
Default value: `'root'`
-##### `vas_user_override_group`
+##### `vas_user_override_group`
Data type: `String[1]`
@@ -944,7 +945,7 @@ user-override file group.
Default value: `'root'`
-##### `vas_user_override_mode`
+##### `vas_user_override_mode`
Data type: `Stdlib::Filemode`
@@ -952,7 +953,7 @@ user-override file mode.
Default value: `'0644'`
-##### `vas_group_override_path`
+##### `vas_group_override_path`
Data type: `Stdlib::Absolutepath`
@@ -960,7 +961,7 @@ Path to user-override file.
Default value: `'/etc/opt/quest/vas/group-override'`
-##### `vas_group_override_owner`
+##### `vas_group_override_owner`
Data type: `String[1]`
@@ -968,7 +969,7 @@ group-override file owner.
Default value: `'root'`
-##### `vas_group_override_group`
+##### `vas_group_override_group`
Data type: `String[1]`
@@ -976,7 +977,7 @@ group-override file group.
Default value: `'root'`
-##### `vas_group_override_mode`
+##### `vas_group_override_mode`
Data type: `Stdlib::Filemode`
@@ -984,7 +985,7 @@ group-override file mode.
Default value: `'0644'`
-##### `vas_users_allow_path`
+##### `vas_users_allow_path`
Data type: `Stdlib::Absolutepath`
@@ -992,7 +993,7 @@ Path to users.allow file.
Default value: `'/etc/opt/quest/vas/users.allow'`
-##### `vas_users_allow_owner`
+##### `vas_users_allow_owner`
Data type: `String[1]`
@@ -1000,7 +1001,7 @@ users.allow file owner.
Default value: `'root'`
-##### `vas_users_allow_group`
+##### `vas_users_allow_group`
Data type: `String[1]`
@@ -1008,7 +1009,7 @@ users.allow file group.
Default value: `'root'`
-##### `vas_users_allow_mode`
+##### `vas_users_allow_mode`
Data type: `Stdlib::Filemode`
@@ -1016,7 +1017,7 @@ users.allow file mode.
Default value: `'0644'`
-##### `vas_users_deny_path`
+##### `vas_users_deny_path`
Data type: `Stdlib::Absolutepath`
@@ -1024,7 +1025,7 @@ Path to users.deny file.
Default value: `'/etc/opt/quest/vas/users.deny'`
-##### `vas_users_deny_owner`
+##### `vas_users_deny_owner`
Data type: `String[1]`
@@ -1032,7 +1033,7 @@ users.deny file owner.
Default value: `'root'`
-##### `vas_users_deny_group`
+##### `vas_users_deny_group`
Data type: `String[1]`
@@ -1040,7 +1041,7 @@ users.deny file group.
Default value: `'root'`
-##### `vas_users_deny_mode`
+##### `vas_users_deny_mode`
Data type: `Stdlib::Filemode`
@@ -1048,7 +1049,7 @@ users.deny file mode.
Default value: `'0644'`
-##### `vasjoin_logfile`
+##### `vasjoin_logfile`
Data type: `Stdlib::Absolutepath`
@@ -1056,7 +1057,7 @@ Path to logfile used by AD join commando.
Default value: `'/var/tmp/vasjoin.log'`
-##### `vastool_binary`
+##### `vastool_binary`
Data type: `Stdlib::Absolutepath`
@@ -1064,7 +1065,7 @@ Path to vastool binary to create symlink from.
Default value: `'/opt/quest/bin/vastool'`
-##### `symlink_vastool_binary_target`
+##### `symlink_vastool_binary_target`
Data type: `Stdlib::Absolutepath`
@@ -1072,7 +1073,7 @@ Path to where the symlink should be created.
Default value: `'/usr/bin/vastool'`
-##### `symlink_vastool_binary`
+##### `symlink_vastool_binary`
Data type: `Boolean`
@@ -1080,9 +1081,9 @@ Boolean for ensuring a symlink for vastool_binary to
symlink_vastool_binary_target. This is useful since /opt/quest/bin is a
non-standard location that is not in your $PATH.
-Default value: ``false``
+Default value: `false`
-##### `license_files`
+##### `license_files`
Data type: `Hash`
@@ -1090,7 +1091,7 @@ Hash of license files.
Default value: `{}`
-##### `domain_realms`
+##### `domain_realms`
Data type: `Hash`
@@ -1098,7 +1099,7 @@ Hash of domains that should be mapped to correct realm.
Default value: `{}`
-##### `join_domain_controllers`
+##### `join_domain_controllers`
Data type: `Array[String[1]]`
@@ -1113,25 +1114,25 @@ made.
Default value: `[]`
-##### `unjoin_vas`
+##### `unjoin_vas`
Data type: `Boolean`
Boolean to trigger an unjoining of the domain. Obviously this will only
work if the system is joined to a domain.
-Default value: ``false``
+Default value: `false`
-##### `use_srv_infocache`
+##### `use_srv_infocache`
Data type: `Optional[Boolean]`
A bool to achieve the same thing as issuing "vastool configure vas libvas
use-srv-info-cache " Only has any effect if set to false.
-Default value: ``undef``
+Default value: `undef`
-##### `kdcs`
+##### `kdcs`
Data type: `Array[String[1]]`
@@ -1141,7 +1142,7 @@ has the same effect as issuing
Default value: `[]`
-##### `kdc_port`
+##### `kdc_port`
Data type: `Stdlib::Port`
@@ -1150,7 +1151,7 @@ with servernames.
Default value: `88`
-##### `kpasswd_servers`
+##### `kpasswd_servers`
Data type: `Array[String[1]]`
@@ -1160,7 +1161,7 @@ of kdcs (above).
Default value: `[]`
-##### `kpasswd_server_port`
+##### `kpasswd_server_port`
Data type: `Stdlib::Port`
@@ -1169,7 +1170,7 @@ kpasswd_servers or kdcs is populated with servernames.
Default value: `464`
-##### `api_enable`
+##### `api_enable`
Data type: `Boolean`
@@ -1178,35 +1179,77 @@ will return a list of entries for the users.allow file. This result will be
merged with whatever content is provided otherwise provided; i.e. it will be
concatenated with the content created by parameters users_allow_entries.
-Default value: ``false``
+Default value: `false`
-##### `api_users_allow_url`
+##### `api_users_allow_url`
Data type: `Optional[Stdlib::HTTPSUrl]`
The URL towards the API.
-Default value: ``undef``
+Default value: `undef`
-##### `api_token`
+##### `api_token`
Data type: `Optional[String[1]]`
Security token for authenticated access to the API.
-Default value: ``undef``
+Default value: `undef`
+
+##### `api_ssl_verify`
+
+Data type: `Boolean`
+
+Whether TLS connections should be verified or not.
+
+Default value: `true`
## Functions
-### `api_fetch`
+### `vas::api_fetch`
+
+Type: Ruby 4.x API
+
+Query a remote HTTP-based service for entries to be added to users_allow.
+
+#### Examples
+
+##### Calling the function
+
+```puppet
+vas::api_fetch("https://host.domain.tld/api/${facts['trusted.certname']}")
+```
+
+#### `vas::api_fetch(Stdlib::HTTPUrl $url, String[1] $token, Optional[Boolean] $ssl_verify)`
-Type: Ruby 3.x API
+Query a remote HTTP-based service for entries to be added to users_allow.
-The api_fetch function.
+Returns: `Stdlib::Http::Status` If a valid response and contains entries
-#### `api_fetch()`
+##### Examples
-The api_fetch function.
+###### Calling the function
+
+```puppet
+vas::api_fetch("https://host.domain.tld/api/${facts['trusted.certname']}")
+```
+
+##### `url`
+
+Data type: `Stdlib::HTTPUrl`
+
+URL to connect to
+
+##### `token`
+
+Data type: `String[1]`
+
+Token used for authentication
+
+##### `ssl_verify`
+
+Data type: `Optional[Boolean]`
-Returns: `Any`
+Whether TLS connections should be verified or not
diff --git a/lib/puppet/functions/vas/api_fetch.rb b/lib/puppet/functions/vas/api_fetch.rb
new file mode 100644
index 0000000..5089736
--- /dev/null
+++ b/lib/puppet/functions/vas/api_fetch.rb
@@ -0,0 +1,52 @@
+# Query a remote HTTP-based service for entries to be added to users_allow.
+Puppet::Functions.create_function(:'vas::api_fetch') do
+ require 'net/http'
+ require 'net/https'
+ require 'openssl'
+ # @param url URL to connect to
+ # @param token Token used for authentication
+ # @param ssl_verify Whether TLS connections should be verified or not
+ # @return [Stdlib::Http::Status, Array[String]] If a valid response and contains entries
+ # @return [Stdlib::Http::Status, Array[nil]] If a valid response, but no entries
+ # @return [Stdlib::Http::Status, nil] If response is not of SUCCESS status code
+ # @return [0, String] If the query is unable to reach server or other error
+ # @example Calling the function
+ # vas::api_fetch("https://host.domain.tld/api/${facts['trusted.certname']}")
+ dispatch :api_fetch do
+ param 'Stdlib::HTTPUrl', :url
+ param 'String[1]', :token
+ optional_param 'Boolean', :ssl_verify
+ end
+
+ def api_fetch(url, token, ssl_verify = false)
+ uri = URI.parse(url)
+
+ req = Net::HTTP::Get.new(uri.to_s)
+ req['Authorization'] = "Bearer #{token}"
+ req['Accept'] = 'text/plain'
+
+ https = Net::HTTP.new(uri.host, uri.port)
+ https.use_ssl = true
+ unless ssl_verify
+ https.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+ https.open_timeout = 2
+ https.read_timeout = 2
+
+ begin
+ response = https.start do |cx|
+ cx.request(req)
+ end
+
+ case response
+ when Net::HTTPSuccess
+ return response.code, response.body.split("\n") unless response.body.to_s.empty?
+ [response.code, []]
+ else
+ [response.code, nil]
+ end
+ rescue => error
+ [0, error.message]
+ end
+ end
+end
diff --git a/lib/puppet/parser/functions/api_fetch.rb b/lib/puppet/parser/functions/api_fetch.rb
deleted file mode 100644
index 8500b3a..0000000
--- a/lib/puppet/parser/functions/api_fetch.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# api_fetch.rb
-#
-
-require 'net/http'
-require 'net/https'
-require 'openssl'
-
-module Puppet::Parser::Functions
- newfunction(:api_fetch, type: :rvalue) do |args|
- raise(Puppet::ParseError, "api_fetch(): Wrong number of arguments given (#{args.size} for 2)") if args.size < 2
-
- url = args[0]
- token = args[1]
-
- unless url.is_a?(String)
- raise(Puppet::ParseError, 'api_fetch(): Argument must be a string')
- end
-
- unless token.is_a?(String)
- raise(Puppet::ParseError, 'api_fetch(): Argument must be a string')
- end
-
- uri = URI.parse(url)
-
- req = Net::HTTP::Get.new(uri.to_s)
- req['Authorization'] = "Bearer #{token}"
- req['Accept'] = 'text/plain'
-
- https = Net::HTTP.new(uri.host, uri.port)
- https.use_ssl = true
- https.verify_mode = OpenSSL::SSL::VERIFY_NONE
- https.open_timeout = 2
- https.read_timeout = 2
-
- begin
- response = https.start do |cx|
- cx.request(req)
- end
-
- case response
- when Net::HTTPSuccess
- return response.code, response.body.split("\n") unless response.body.to_s.empty?
- return response.code, []
- else
- return response.code, nil
- end
- rescue => error
- return 0, error.message
- end
- end
-end
diff --git a/manifests/init.pp b/manifests/init.pp
index 6684095..c193f75 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -469,6 +469,8 @@
# @param api_token
# Security token for authenticated access to the API.
#
+# @param api_ssl_verify
+# Whether TLS connections should be verified or not.
class vas (
Boolean $manage_nis = true,
String[1] $package_version = 'installed',
@@ -587,6 +589,7 @@
Boolean $api_enable = false,
Optional[Stdlib::HTTPSUrl] $api_users_allow_url = undef,
Optional[String[1]] $api_token = undef,
+ Boolean $api_ssl_verify = false,
) {
# variable preparations
$once_file = '/etc/opt/quest/vas/puppet_joined'
@@ -672,7 +675,7 @@
if $api_enable == true and ($api_users_allow_url == undef or $api_token == undef) {
fail('vas::api_enable is set to true but required parameters vas::api_users_allow_url and/or vas::api_token missing')
} elsif $api_enable == true {
- $api_users_allow_data = api_fetch($api_users_allow_url, $api_token)
+ $api_users_allow_data = vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify)
case $api_users_allow_data[0] {
200,'200': { # api_fetch() returns integer in Puppet 3 and string in Puppet 6
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index d6957de..231253e 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -317,7 +317,7 @@
context 'and returns 200' do
context 'without data' do
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, undef] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, undef] }'
end
users_allow_api_nodata_content = <<-END.gsub(%r{^\s+\|}, '')
@@ -355,7 +355,7 @@
context 'with data' do
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, \'apiuser@example.com\'] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, \'apiuser@example.com\'] }'
end
users_allow_api_data_content = <<-END.gsub(%r{^\s+\|}, '')
@@ -394,7 +394,7 @@
context 'and return non-200 code' do
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [0, undef] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [0, undef] }'
end
it {
diff --git a/spec/classes/parameter_spec.rb b/spec/classes/parameter_spec.rb
index f3a3970..c48ed5b 100644
--- a/spec/classes/parameter_spec.rb
+++ b/spec/classes/parameter_spec.rb
@@ -918,7 +918,7 @@
}
end
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, undef] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, undef] }'
end
it do
@@ -935,7 +935,7 @@
}
end
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, \'apiuser@test.ing\'] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, \'apiuser@test.ing\'] }'
end
it do
@@ -953,7 +953,7 @@
}
end
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, undef] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, undef] }'
end
it do
@@ -971,7 +971,7 @@
}
end
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, \'apiuser@test.ing\'] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, \'apiuser@test.ing\'] }'
end
it do
@@ -1007,7 +1007,7 @@
}
end
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, undef] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, undef] }'
end
it do
@@ -1024,7 +1024,7 @@
}
end
let(:pre_condition) do
- 'function api_fetch($api_users_allow_url, $api_token) { return [200, \'apiuser@test.ing\'] }'
+ 'function vas::api_fetch($api_users_allow_url, $api_token, $api_ssl_verify) { return [200, \'apiuser@test.ing\'] }'
end
it do
diff --git a/spec/functions/api_fetch_spec.rb b/spec/functions/api_fetch_spec.rb
index c194d7a..cf978df 100644
--- a/spec/functions/api_fetch_spec.rb
+++ b/spec/functions/api_fetch_spec.rb
@@ -3,7 +3,7 @@
require 'spec_helper'
require 'webmock/rspec'
-describe 'api_fetch' do
+describe 'vas::api_fetch' do
headers = {
'Accept' => 'text/plain',
'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
@@ -18,7 +18,7 @@
it do
is_expected.to run
.with_params
- .and_raise_error(Puppet::ParseError, 'api_fetch(): Wrong number of arguments given (0 for 2)')
+ .and_raise_error(ArgumentError, '\'vas::api_fetch\' expects between 2 and 3 arguments, got none')
end
end
@@ -26,7 +26,7 @@
it do
is_expected.to run
.with_params(url)
- .and_raise_error(Puppet::ParseError, 'api_fetch(): Wrong number of arguments given (1 for 2)')
+ .and_raise_error(ArgumentError, '\'vas::api_fetch\' expects between 2 and 3 arguments, got 1')
end
end
end
@@ -35,7 +35,7 @@
it do
is_expected.to run
.with_params(1, 'somesecret')
- .and_raise_error(%r{Argument must be a string})
+ .and_raise_error(ArgumentError, %r{'vas::api_fetch' parameter 'url' expects a match for Stdlib::HTTPUrl.* got Integer})
end
end
@@ -43,7 +43,7 @@
it do
is_expected.to run
.with_params(url, 1)
- .and_raise_error(%r{Argument must be a string})
+ .and_raise_error(ArgumentError, '\'vas::api_fetch\' parameter \'token\' expects a String value, got Integer')
end
end