Make repo management optional

README.md

@@ -111,7 +111,18 @@ Configures usage of the http_proxy environment variable. There is not default
 for this setting.
 
 ####`manage_ssh [optional]`
-Configures whether or not to allow the module to manage the SSH service/package. 
+Configures whether or not to allow the module to manage the SSH service/package.
+The default is *true*.
+
+####`manage_repo [optional]`
+Configures whether or not to allow the module to add/manage the apt/yum repository.
+<<<<<<< HEAD
+The default is *true*.
+
+####`manage_pam [optinal]`
+Configures whether or not to allow the module to manage the system PAM configuration.
+=======
+>>>>>>> 941610fa2019b7ad0b9353b049204b5069b0e6a0
 The default is *true*.
 
 ####`pam_unix_control [optional]`

manifests/apt.pp

@@ -18,30 +18,31 @@
   }
 
   package { $duo_unix::duo_package:
-    ensure  => $package_state,
-    require => [
-      File[$repo_file],
-      Exec['Duo Security GPG Import'],
-      Exec['duo-security-apt-update']
-    ]
+    ensure  => $package_state
   }
 
-  file { $repo_file:
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => "deb ${repo_uri}/${::operatingsystem} ${::lsbdistcodename} main",
-    notify  => Exec['duo-security-apt-update']
-  }
+  if $duo_unix::manage_repo {
+    file { $repo_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => "deb ${repo_uri}/${::operatingsystem} ${::lsbdistcodename} main",
+      notify  => Exec['duo-security-apt-update'],
+      before  => Package[$duo_unix::duo_package]
+    }
 
-  exec { 'duo-security-apt-update':
-    command     => '/usr/bin/apt-get update',
-    refreshonly => true
-  }
+    exec { 'duo-security-apt-update':
+      command     => '/usr/bin/apt-get update',
+      refreshonly => true,
+      require     => File[$repo_file],
+      before      => Package[$duo_unix::duo_package]
+    }
 
-  exec { 'Duo Security GPG Import':
-    command => '/usr/bin/apt-key add /etc/apt/DEB-GPG-KEY-DUO',
-    unless  => '/usr/bin/apt-key list | grep "Duo Security"',
-    notify  => Exec['duo-security-apt-update']
+    exec { 'Duo Security GPG Import':
+      command => '/usr/bin/apt-key add /etc/apt/DEB-GPG-KEY-DUO',
+      unless  => '/usr/bin/apt-key list | grep "Duo Security"',
+      notify  => Exec['duo-security-apt-update'],
+      before  => Package[$duo_unix::duo_package]
+    }
   }
 }

manifests/init.pp

@@ -20,6 +20,8 @@
   $prompts = '3',
   $accept_env_factor = 'no',
   $manage_ssh = true,
+  $manage_pam = true,
+  $manage_repo = true,
   $pam_unix_control = 'requisite',
   $package_version = 'installed',
 ) {

manifests/login.pp

@@ -6,7 +6,7 @@
 #
 # Mark Stanislav <[email protected]>
 #
-class duo_unix::login {
+class duo_unix::login inherits duo_unix {
 
   file { '/etc/duo/login_duo.conf':
     ensure  => present,

manifests/pam.pp

@@ -6,7 +6,7 @@
 #
 # Mark Stanislav <[email protected]>
 #
-class duo_unix::pam {
+class duo_unix::pam inherits duo_unix {
   $aug_pam_path = "/files${duo_unix::pam_file}"
   $aug_match    = "${aug_pam_path}/*/module[. = '${duo_unix::pam_module}']"
 
@@ -31,31 +31,32 @@
     }
   }
 
-  if $::osfamily == 'RedHat' {
-    augeas { 'PAM Configuration':
-      changes => [
-        "set ${aug_pam_path}/2/control ${duo_unix::pam_unix_control}",
-        "ins 100 after ${aug_pam_path}/2",
-        "set ${aug_pam_path}/100/type auth",
-        "set ${aug_pam_path}/100/control sufficient",
-        "set ${aug_pam_path}/100/module ${duo_unix::pam_module}"
-      ],
-      require => Package[$duo_unix::duo_package],
-      onlyif  => "match ${aug_match} size == 0";
-    }
+  if $duo_unix::manage_pam {
+    if $::osfamily == 'RedHat' {
+      augeas { 'PAM Configuration':
+        changes => [
+          "set ${aug_pam_path}/2/control ${duo_unix::pam_unix_control}",
+          "ins 100 after ${aug_pam_path}/2",
+          "set ${aug_pam_path}/100/type auth",
+          "set ${aug_pam_path}/100/control sufficient",
+          "set ${aug_pam_path}/100/module ${duo_unix::pam_module}"
+        ],
+        require => Package[$duo_unix::duo_package],
+        onlyif  => "match ${aug_match} size == 0";
+      }
 
-  } else {
-    augeas { 'PAM Configuration':
-      changes => [
-        "set ${aug_pam_path}/1/control ${duo_unix::pam_unix_control}",
-        "ins 100 after ${aug_pam_path}/1",
-        "set ${aug_pam_path}/100/type auth",
-        "set ${aug_pam_path}/100/control '[success=1 default=ignore]'",
-        "set ${aug_pam_path}/100/module ${duo_unix::pam_module}"
-      ],
-      require => Package[$duo_unix::duo_package],
-      onlyif  => "match ${aug_match} size == 0";
+    } else {
+      augeas { 'PAM Configuration':
+        changes => [
+          "set ${aug_pam_path}/1/control ${duo_unix::pam_unix_control}",
+          "ins 100 after ${aug_pam_path}/1",
+          "set ${aug_pam_path}/100/type auth",
+          "set ${aug_pam_path}/100/control '[success=1 default=ignore]'",
+          "set ${aug_pam_path}/100/module ${duo_unix::pam_module}"
+        ],
+        require => Package[$duo_unix::duo_package],
+        onlyif  => "match ${aug_match} size == 0";
+      }
     }
   }
-
 }

manifests/yum.pp

@@ -30,12 +30,15 @@
     $releasever = '$releasever'
   }
 
-  yumrepo { 'duosecurity':
-    descr    => 'Duo Security Repository',
-    baseurl  => "${repo_uri}/${os}/${releasever}/\$basearch",
-    gpgcheck => '1',
-    enabled  => '1',
-    require  => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-DUO'];
+  if $duo_unix::manage_repo {
+    yumrepo { 'duosecurity':
+      descr    => 'Duo Security Repository',
+      baseurl  => "${repo_uri}/${os}/${releasever}/\$basearch",
+      gpgcheck => '1',
+      enabled  => '1',
+      require  => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-DUO'],
+      before   => Package[$duo_unix::duo_package];
+    }
   }
 
   if $duo_unix::manage_ssh {
@@ -46,7 +49,7 @@
 
   package {  $duo_unix::duo_package:
     ensure  => $package_state,
-    require => [ Yumrepo['duosecurity'], Exec['Duo Security GPG Import'] ];
+    require => [ Exec['Duo Security GPG Import'] ];
   }
 
   exec { 'Duo Security GPG Import':

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "duosecurity-duo_unix",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "author": "Duo Security",
   "summary": "Installs, configures, and manages Duo Unix.",
   "license": "GPL-2.0",

templates/duo.conf.erb

@@ -33,7 +33,7 @@ motd=<%= @motd %>
 <% if @group != '' -%>
 
 ; Group restriction
-group=<%= @group %>
+groups=<%= @group %>
 <% end -%>
 <% if @http_proxy != '' -%>