From 99455380692f233f64c7fb68eb8a11105d39f5ac Mon Sep 17 00:00:00 2001
From: lhinds <lhinds@redhat.com>
Date: Thu, 23 Mar 2017 13:41:42 +0000
Subject: Adds service for managing securetty

This adds the ability to manage the securetty file.

By allowing management of securetty, operators can limit root
console access and improve security through hardening.

Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7
Partial-Bug: #1665042
Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
---
 puppet/services/securetty.yaml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 puppet/services/securetty.yaml

(limited to 'puppet/services/securetty.yaml')

diff --git a/puppet/services/securetty.yaml b/puppet/services/securetty.yaml
new file mode 100644
index 00000000..6d32fe82
--- /dev/null
+++ b/puppet/services/securetty.yaml
@@ -0,0 +1,36 @@
+heat_template_version: ocata
+
+description: >
+  Configure securetty values
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  TtyValues:
+    default: {}
+    description: Configures console values in securetty
+    type: json
+    constraints:
+      - length: { min: 1}
+
+outputs:
+  role_data:
+    description: Console data for the securetty
+    value:
+      service_name: securetty
+      config_settings:
+        tripleo::profile::base::securetty::tty_list: {get_param: TtyValues}
+      step_config: |
+        include ::tripleo::profile::base::securetty
-- 
cgit 1.2.3-korg