From 083a2bc9d4cf574b9617abe957ba5665a62c3377 Mon Sep 17 00:00:00 2001
From: Simon Aquino
Date: Mon, 7 Dec 2015 18:08:28 +0000
Subject: [PATCH] Introducing auth parameter in puppet-uchiwa

This commit introduces the auth paramter, which can be used - starting from uchiwa 0.13.0 in order to specify a static RSA keypair for JWT signature validation.
---
 manifests/init.pp | 16 +++++++++++++++-
 manifests/params.pp | 1 +
 templates/etc/sensu/uchiwa.json.erb | 10 ++++++++--
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 721170f..7157b9e 100755
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -113,6 +113,18 @@
 # }]
 # ```
 #
+# [*auth*]
+# Hash
+# A hash containing the static public and private key paths for generating and
+# validating JSON Web Token (JWT) signatures.
+# Example:
+# ```
+# {
+# 'publickey' => '/path/to/uchiwa.rsa.pub',
+# 'privatekey' => '/path/to/uchiwa.rsa'
+# }
+# ```
+#
 class uchiwa (
 $package_name = $uchiwa::params::package_name,
 $service_name = $uchiwa::params::service_name,
@@ -130,7 +142,8 @@
 $pass = $uchiwa::params::pass,
 $refresh = $uchiwa::params::refresh,
 $sensu_api_endpoints = $uchiwa::params::sensu_api_endpoints,
- $users = $uchiwa::params::users
+ $users = $uchiwa::params::users,
+ $auth = $uchiwa::params::auth
 ) inherits uchiwa::params {
 # validate parameters here
@@ -151,6 +164,7 @@
 validate_integer($refresh)
 validate_array($sensu_api_endpoints)
 validate_array($users)
+ validate_hash($auth)
 anchor { 'uchiwa::begin': } ->
 class { 'uchiwa::install': } ->
diff --git a/manifests/params.pp b/manifests/params.pp
index d0d5cf0..197dac7 100755
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -46,4 +46,5 @@
 $pass = ''
 $refresh = '5'
 $users = []
+ $auth = {}
 }
diff --git a/templates/etc/sensu/uchiwa.json.erb b/templates/etc/sensu/uchiwa.json.erb
index a606c37..d2720fd 100644
--- a/templates/etc/sensu/uchiwa.json.erb
+++ b/templates/etc/sensu/uchiwa.json.erb
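Review bot: The new `[*auth*]` doc block in the first init.pp hunk does not say that both keys are required, nor who is responsible for the key files. Nothing in this patch creates or sets permissions on the files, so it appears the operator must deploy them. I would add to the comment: `#   Both 'publickey' and 'privatekey' must be set; any other shape is ignored by the template.` and `#   The key files are not managed by this module; the private key should be readable only by the account running uchiwa.` Since the private key signs the JWTs, the permission expectation is worth stating where the parameter is documented.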
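Review bot: In the third init.pp hunk, `validate_hash($auth)` checks only the type, so a hash with a misspelled key, a single key, or a relative path passes validation. Judging by the template change in this patch, such a hash is then either dropped without error or rendered with an empty path. I would fail the catalog instead, for example `if !empty($auth) { validate_absolute_path($auth['publickey']) validate_absolute_path($auth['privatekey']) }` placed after the `validate_hash` line. A missing key is then reported at compile time rather than surfacing as an unexpected signing configuration at runtime. The class body continues outside the hunk.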
@@ -20,7 +20,7 @@
 "port": <%= @port %>,
 "user": "<%= @user %>",
 "pass": "<%= @pass %>",
- "refresh": <%= @refresh %><%= ',' if @users.size > 0 %>
+ "refresh": <%= @refresh %><%= ',' if @users.size > 0 or @auth.size == 2 %>
 <%- if @users.size > 0 -%>
 "users": [
 <%- @users.each_with_index do |user, i| -%>
@@ -32,7 +32,13 @@
 }
 }<%= ',' if i < (@users.size - 1) %>
 <%- end -%>
- ]
+ ]<%= ',' if @auth.size == 2 %>
+ <%- end -%>
+ <%- if @auth.size == 2 -%>
+ "auth": {
+ "publickey": "<%= @auth['publickey'] %>",
+ "privatekey": "<%= @auth['privatekey'] %>"
+ }
 <%- end -%>
 }
 }
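Review bot: The `@auth.size == 2` test on the `"refresh"` line counts entries instead of checking for the two keys the template reads. The same test appears twice more in the second hunk, after `]` and around the `"auth"` block. A hash with two unrelated keys renders `"publickey": ""` and `"privatekey": ""`, while a hash with one key or an extra key omits the block entirely, and in both cases the catalog applies cleanly. I would use the same presence test in all three places, e.g. `@auth['publickey'] && @auth['privatekey']`, so the comma logic and the block stay in step and depend on the keys that are actually used.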
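Review bot: The two added lines `"publickey": "<%= @auth['publickey'] %>"` and `"privatekey": "<%= @auth['privatekey'] %>"` in the second hunk place the values inside JSON string quotes without escaping. A value containing `"` or `\` therefore produces invalid JSON or a different document than intended. The existing `"user"` and `"pass"` lines in the first hunk follow the same pattern, so this is consistent with the file, but the new values come from a free-form hash. Either constrain them to absolute paths in init.pp or emit them through a JSON encoder, for instance `<%= @auth['privatekey'].to_json %>` without the surrounding quotes, assuming `to_json` is available in this module's template environment.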