From 8e271e3043fd55ce7c39f520360214e6844085af Mon Sep 17 00:00:00 2001
From: Nick Walker <nick.walker@puppetlabs.com>
Date: Fri, 30 Oct 2015 13:04:42 -0700
Subject: [PATCH] Change the zack/r10k webhook to utilize username and password

To accomodate generating random usernames and passwords, I had
to parameterize the profiles which I didn't feel great about
but I also didn't want to have to put the username and pass in
hiera.
---
 site/profile/manifests/puppetmaster.pp           |  7 +++++--
 site/profile/manifests/webhook_no_mcollective.pp |  9 +++++++--
 site/role/manifests/all_in_one_pe.pp             | 14 ++++++++++++--
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index d306ad5..d3f1a87 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -1,4 +1,7 @@
-class profile::puppetmaster {
+class profile::puppetmaster (
+  $webhook_username,
+  $webhook_password
+) {
 
   class { 'hiera':
     hierarchy  => [
@@ -38,7 +41,7 @@ class profile::puppetmaster {
   
     git_webhook { "web_post_receive_webhook-${::fqdn}" :
       ensure             => present,
-      webhook_url        => "https://${::fqdn}:8088/payload",
+      webhook_url        => "https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload",
       token              => hiera('gms_api_token'),
       project_name       => 'puppet/control-repo',
       server_url         => hiera('gms_server_url'),
diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp
index f4f50d7..dc7b1aa 100644
--- a/site/profile/manifests/webhook_no_mcollective.pp
+++ b/site/profile/manifests/webhook_no_mcollective.pp
@@ -1,8 +1,13 @@
-class profile::webhook_no_mcollective {
+class profile::webhook_no_mcollective (
+  $username,
+  $password
+) {
 
   class {'r10k::webhook::config':
     enable_ssl      => true,
-    protected       => false,
+    protected       => true,
+    user            => $username,
+    pass            => $password,
     use_mcollective => false,
   }
 
diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp
index f34a261..3762325 100644
--- a/site/role/manifests/all_in_one_pe.pp
+++ b/site/role/manifests/all_in_one_pe.pp
@@ -1,6 +1,16 @@
 class role::all_in_one_pe {
 
-  include profile::webhook_no_mcollective
-  include profile::puppetmaster
+  $webhook_username = hiera('webhook_username', fqdn_rand_string(10, '', 'username'))
+  $webhook_password = hiera('webhook_password', fqdn_rand_string(20, '', 'password'))
+
+  class { 'profile::puppetmaster' :
+    webhook_username => $webhook_username,
+    webhook_password => $webhook_password,
+  }
+
+  class { 'profile::webhook_no_mcollective' :
+    username => $webhook_username,
+    password => $webhook_password,
+  }
 
 }