From ddbf63068772475c48ff4825e04024f233d3b9cc Mon Sep 17 00:00:00 2001 From: Adam Boutcher Date: Mon, 25 Oct 2021 11:53:24 +0100 Subject: [PATCH 1/3] Added IAM support --- manifests/atlas.pp | 6 ++++++ manifests/client.pp | 11 ++++++++++- manifests/cms.pp | 6 ++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/manifests/atlas.pp b/manifests/atlas.pp index 2f88ab4..b961aea 100644 --- a/manifests/atlas.pp +++ b/manifests/atlas.pp @@ -12,6 +12,7 @@ # # CERN IT/GT/DMS # CERN IT/PS/PES +# Adam Boutcher IPPP, Durham University class voms::atlas { voms::client{'atlas': @@ -24,6 +25,11 @@ port => '15001', dn => '/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch', ca_dn => '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority' + }, + {server => 'voms-atlas-auth.app.cern.ch', + port => '0', + dn => '/DC=ch/DC=cern/OU=computers/CN=atlas-auth.web.cern.ch', + ca_dn => '/DC=ch/DC=cern/CN=CERN Grid Certification Authority' }] } } diff --git a/manifests/client.pp b/manifests/client.pp index 11e064b..335b7d2 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -11,7 +11,8 @@ # [*servers*] # An array of hashes. For each VOMS server -# specify server name (server), its port (port), +# specify server name (server), its port (port) - 0 (Zero) +# indicates an IAM auth not voms, # its distinguished name (dn) and it's certificate # authority distinguished name (ca_dn) as keys to the hash. @@ -27,12 +28,18 @@ # port => '15009', # dn => '/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch', # ca_dn => '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority' +# }, +# {server => 'lcg-voms-auth.app.cern.ch', +# port => '0', +# dn => '/DC=ch/DC=cern/OU=computers/CN=lcg-voms-app.web.cern.ch', +# ca_dn => '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority' # }] # # == Authors # # CERN IT/GT/DMS # CERN IT/PES/PS +# Adam Boutcher IPPP, Durham University # define voms::client ($vo = $name, $servers = [] ) { ensure_resource('class','voms::install') 
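Review bot: The new voms-atlas-auth.app.cern.ch entry sets `ca_dn => '/DC=ch/DC=cern/CN=CERN Grid Certification Authority'`, while the documentation example added to client.pp in the same commit lists the IAM host lcg-voms-auth.app.cern.ch under the CERN Trusted Certification Authority, so the two disagree about which CA issues these IAM host certificates. The client.pp template writes `s["dn"]` and `s["ca_dn"]` into the per-VO vomsdir file, which as far as I understand the .lsc mechanism is what decides whether an attribute-certificate signer is trusted, so a ca_dn that does not match the real issuer would presumably make ACs from that endpoint fail validation on every host this module manages rather than fail quietly. I cannot tell from the diff which issuer is correct; confirm against the host certificate and make the example and the VO entries agree. The cms.pp hunk further down carries the same disagreement.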
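Review bot: The added wording `its port (port) - 0 (Zero) indicates an IAM auth not voms,` does not say what the sentinel changes, and the template hunk below only skips the /etc/vomses entry for such a server while still writing its vomsdir file. I would replace it with `# its port (port); the quoted string '0' marks an IAM endpoint, for which the` / `# vomsdir file is still written but no /etc/vomses entry is generated,`. Because the template compares against the string "0", the text should also state that the value must be quoted; an unquoted `port => 0` would presumably not be recognised as the sentinel.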
@@ -63,9 +70,11 @@ content: "<%= s["dn"] %>\n<%= s["ca_dn"] %>\n" require: File[/etc/grid-security/vomsdir/<%= @vo %>] +<% if s["port"] != "0" -%> /etc/vomses/<%= @vo %>-<%= s["server"] %>: content: "\"<%= @vo %>\" \"<%= s["server"] %>\" \"<%= s["port"] %>\" \"<%= s["dn"] %>\" \"<%= @vo %>\" \"24\"\n" require: File[/etc/vomses] +<% end -%> <% end -%> diff --git a/manifests/cms.pp b/manifests/cms.pp index 0259969..60f7af7 100644 --- a/manifests/cms.pp +++ b/manifests/cms.pp @@ -12,6 +12,7 @@ # # CERN IT/GT/DMS # CERN IT/PS/PES +# Adam Boutcher IPPP, Durham University class voms::cms { voms::client{'cms': @@ -24,6 +25,11 @@ port => '15002', dn => '/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch', ca_dn => '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority' + }, + {server => 'voms-cms-auth.app.cern.ch', + port => '0', + dn => '/DC=ch/DC=cern/OU=computers/CN=cms-auth.web.cern.ch', + ca_dn => '/DC=ch/DC=cern/CN=CERN Grid Certification Authority' }] } } From e4cb49e19a20d84100018168c6aea9b06149cf18 Mon Sep 17 00:00:00 2001 From: Adam Boutcher Date: Mon, 25 Oct 2021 11:59:35 +0100 Subject: [PATCH 2/3] LHCB VOMS --- manifests/lhcb.pp | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 manifests/lhcb.pp diff --git a/manifests/lhcb.pp b/manifests/lhcb.pp new file mode 100644 index 0000000..b6e8a71 --- /dev/null +++ b/manifests/lhcb.pp 
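Review bot: The new guard `<% if s["port"] != "0" -%>` is a string comparison, so a server hash written as `port => 0` (unquoted) would not match and would get a /etc/vomses line advertising port 0 instead of being skipped; `<% if s["port"].to_s != "0" -%>` covers both spellings. Encoding the IAM case as a magic port value also hides the intent from readers of atlas.pp and cms.pp, so a comment on the guard such as `<%# IAM endpoints use the sentinel port "0": the .lsc is written, no vomses entry -%>` would help. The enclosing template and its server loop start before this hunk.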
@@ -0,0 +1,35 @@
+# Class defining the lhcb VO, as seen by the VOMS service.
+#
+# Takes care of all the required setup to enable access to the lhcb VO
+# (users and services) in a grid enabled machine.
+#
+# == Examples
+#
+# Simply enable this class:
+# class{'voms::lhcb':}
+#
+# == Authors
+#
+# CERN IT/GT/DMS
+# CERN IT/PS/PES
+# Adam Boutcher IPPP, Durham University
+
+class voms::lhcb {
+ voms::client{'lhcb':
+ servers => [{server => 'voms2.cern.ch',
+ port => '15003',
+ dn => '/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch',
+ ca_dn => '/DC=ch/DC=cern/CN=CERN Grid Certification Authority'
+ },
+ {server => 'lcg-voms2.cern.ch',
+ port => '15003',
+ dn => '/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch',
+ ca_dn => '/DC=ch/DC=cern/CN=CERN Grid Certification Authority'
+ },
+ {server => 'voms-lhcb-auth.app.cern.ch',
+ port => '0',
+ dn => '/DC=ch/DC=cern/OU=computers/CN=lhcb-auth.web.cern.ch',
+ ca_dn => '/DC=ch/DC=cern/CN=CERN Grid Certification Authority'
+ }]
+ }
+}
From eb20ea681fdcb5460b02a3bdbf974d57a27a5373 Mon Sep 17 00:00:00 2001
From: Adam
Date: Wed, 4 May 2022 13:10:06 +0100
Subject: [PATCH 3/3] Update client.pp

Update IAM support for VOs as they now require an IAM Vomses config.
---
 manifests/client.pp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/manifests/client.pp b/manifests/client.pp
index 335b7d2..33b2071 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -30,9 +30,10 @@
 # ca_dn => '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority'
 # },
 # {server => 'lcg-voms-auth.app.cern.ch',
-# port => '0',
+# port => '443',
 # dn => '/DC=ch/DC=cern/OU=computers/CN=lcg-voms-app.web.cern.ch',
-# ca_dn => '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority'
+# ca_dn => '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority',
+# iam => true
 # }]
 #
 # == Authors
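Review bot: The VO classes this series adds or touches (atlas.pp and cms.pp in patch 1, lhcb.pp in patch 2) still define their IAM servers with `port => '0'` and no `iam` key, so the `iam => true` form documented in this hunk never applies to them, and with the template's outer `<% if s["port"] != "0" -%>` gate left in place no IAM vomses file is written for those VOs even though the commit message says it is now required. Each of the three entries needs `port => '443',` and `iam => true` (or whatever port the endpoint actually serves) to reach the new branch. The parameter description above this hunk should also say which marker wins when both are present, since `'0'` and `iam` now express the IAM case two different ways; a line such as `# an IAM endpoint is selected with iam => true; a port of '0' suppresses the vomses entry entirely` would settle it.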
@@ -71,7 +72,11 @@ require: File[/etc/grid-security/vomsdir/<%= @vo %>] <% if s["port"] != "0" -%> +<% if s["iam"] != true -%> /etc/vomses/<%= @vo %>-<%= s["server"] %>: +<% else -%> +/etc/vomses/<%= s["server"] %>.vomses: +<% end -%> content: "\"<%= @vo %>\" \"<%= s["server"] %>\" \"<%= s["port"] %>\" \"<%= s["dn"] %>\" \"<%= @vo %>\" \"24\"\n" require: File[/etc/vomses] <% end -%>