From 92b655704bd8e76f3424c39e9b751ab04b7597f3 Mon Sep 17 00:00:00 2001
From: Lesley Kimmel <lesley.j.kimmel.ctr@mail.mil>
Date: Wed, 19 Sep 2018 11:01:48 -0500
Subject: [PATCH 1/3] Updated to allow for multiple 'applications' to add users
 to cron.allow and cron.deny via a defined type (cron::allow_deny_fragment).

---
 manifests/allow_deny_fragment.pp        | 18 ++++++++++++++++
 manifests/init.pp                       | 28 +++++++++++++++++++------
 templates/_cron_allow_deny_fragment.erb |  5 +++++
 templates/_cron_allow_deny_header.erb   |  2 ++
 4 files changed, 47 insertions(+), 6 deletions(-)
 create mode 100644 manifests/allow_deny_fragment.pp
 create mode 100644 templates/_cron_allow_deny_fragment.erb
 create mode 100644 templates/_cron_allow_deny_header.erb

diff --git a/manifests/allow_deny_fragment.pp b/manifests/allow_deny_fragment.pp
new file mode 100644
index 0000000..6a074b1
--- /dev/null
+++ b/manifests/allow_deny_fragment.pp
@@ -0,0 +1,18 @@
+define cron::allow_deny_fragment (
+  $users,
+  $type,
+) {
+  validate_re($type, ['^allow$','^deny$'])
+  validate_array($users)
+
+  $target = $type ? {
+    'allow' => $cron::cron_allow_path,
+    'deny'  => $cron::cron_deny_path,
+  }
+
+  concat::fragment { $name:
+    target  => $target,
+    order   => '02',
+    content => template('cron/_cron_allow_deny_fragment.erb'),
+  }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 9d36649..07a18c7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -173,9 +173,17 @@
   }
   if $cron_allow_users != undef {
     validate_array($cron_allow_users)
+    cron::allow_deny_fragment { 'Initial cron.allow users':
+      type  => 'allow',
+      users => $cron_allow_users,
+    }
   }
   if $cron_deny_users != undef {
     validate_array($cron_deny_users)
+    cron::allow_deny_fragment { 'Initial cron.deny users':
+      type  => 'deny',
+      users => $cron_deny_users,
+    }
   }
 
   if $crontab_tasks != undef {
@@ -219,22 +227,30 @@
     "cron::cron_deny_mode is <${cron_deny_mode}> and must be a valid four digit mode in octal notation.")
   # End of validation
 
-  file { 'cron_allow':
+  # Initialize cron.allow
+  concat { $cron_allow_path:
     ensure  => $cron_allow,
-    path    => $cron_allow_path,
     owner   => $cron_allow_owner,
     group   => $cron_allow_group,
     mode    => $cron_allow_mode,
-    content => template('cron/cron_allow.erb'),
+  }
+  concat::fragment { "${cron_allow_path} header":
+    target => $cron_allow_path,
+    order  => '01',
+    content => template('cron/_cron_allow_deny_header.erb'),
   }
 
-  file { 'cron_deny':
+  # Initialize cron.deny
+  concat { $cron_deny_path:
     ensure  => $cron_deny,
-    path    => $cron_deny_path,
     owner   => $cron_deny_owner,
     group   => $cron_deny_group,
     mode    => $cron_deny_mode,
-    content => template('cron/cron_deny.erb'),
+  }
+  concat::fragment { "${cron_deny_path} header":
+    target => $cron_deny_path,
+    order  => '01',
+    content => template('cron/_cron_allow_deny_header.erb'),
   }
 
   package { $package_name_array:
diff --git a/templates/_cron_allow_deny_fragment.erb b/templates/_cron_allow_deny_fragment.erb
new file mode 100644
index 0000000..881dc28
--- /dev/null
+++ b/templates/_cron_allow_deny_fragment.erb
@@ -0,0 +1,5 @@
+
+# <%= @name %>
+<% [@users].flatten.each do |user| -%>
+<%= user %>
+<% end -%>
diff --git a/templates/_cron_allow_deny_header.erb b/templates/_cron_allow_deny_header.erb
new file mode 100644
index 0000000..fc78652
--- /dev/null
+++ b/templates/_cron_allow_deny_header.erb
@@ -0,0 +1,2 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT

From bbababaadbf3bcb0f00aaffcce25657d3e7b48bb Mon Sep 17 00:00:00 2001
From: Lesley Kimmel <lesley.j.kimmel.ctr@mail.mil>
Date: Wed, 19 Sep 2018 12:37:04 -0500
Subject: [PATCH 2/3] Fixed small typo.

---
 manifests/init.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 07a18c7..3be7c42 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -256,8 +256,8 @@
   package { $package_name_array:
     ensure => $package_ensure,
     before => [
-      File[cron_allow],
-      File[cron_deny],
+      Concat[$cron_allow_path],
+      Concat[$cron_deny_path],
       File[crontab],
       File[cron_d],
       File[cron_hourly],

From 14f059fbd75dcdf5f563bec039d1c49d8b6b3d7a Mon Sep 17 00:00:00 2001
From: Lesley Kimmel <lesley.j.kimmel.ctr@mail.mil>
Date: Wed, 19 Sep 2018 13:10:33 -0500
Subject: [PATCH 3/3] Include the base class from the defined type.

---
 manifests/allow_deny_fragment.pp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/manifests/allow_deny_fragment.pp b/manifests/allow_deny_fragment.pp
index 6a074b1..d83be5b 100644
--- a/manifests/allow_deny_fragment.pp
+++ b/manifests/allow_deny_fragment.pp
@@ -2,6 +2,8 @@
   $users,
   $type,
 ) {
+  include cron
+
   validate_re($type, ['^allow$','^deny$'])
   validate_array($users)