From a8c101c02cceb103bd17ea3b95191d7076fd373f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?=
 <felix-antoine.fortin@calculquebec.ca>
Date: Thu, 14 Nov 2024 15:41:34 -0500
Subject: [PATCH] Merge register service account with get keytab in jupyterhub

---
 site/profile/manifests/jupyterhub.pp | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/site/profile/manifests/jupyterhub.pp b/site/profile/manifests/jupyterhub.pp
index 002c44c86..4df6fe7b6 100644
--- a/site/profile/manifests/jupyterhub.pp
+++ b/site/profile/manifests/jupyterhub.pp
@@ -63,21 +63,12 @@
   }
 
   $ipa_passwd = lookup('profile::freeipa::server::admin_password')
-  exec { 'jupyterhub_ipa_service_register':
-    command     => "kinit_wrapper ipa console ${jupyterhub::prefix}/bin/ipa_register_service.py",
-    refreshonly => true,
-    require     => [
-      Exec['jupyterhub_venv'],
-      File["${jupyterhub::prefix}/bin/kinit_wrapper"],
-      Exec['ipa-install'],
-    ],
-    subscribe   => File["${jupyterhub::prefix}/bin/ipa_register_service.py"],
-    environment => ["IPA_ADMIN_PASSWD=${ipa_passwd}"],
-    path        => ['/bin', '/usr/bin', '/sbin','/usr/sbin', "${jupyterhub::prefix}/bin"],
-  }
-
+  $keytab_command = @("EOT")
+    kinit_wrapper ipa console ${jupyterhub::prefix}/bin/ipa_register_service.py && \
+    kinit_wrapper ipa-getkeytab -p jupyterhub/jupyterhub -k /etc/jupyterhub/jupyterhub.keytab
+    |EOT
   exec { 'jupyterhub_keytab':
-    command     => 'kinit_wrapper ipa-getkeytab -p jupyterhub/jupyterhub -k /etc/jupyterhub/jupyterhub.keytab',
+    command     => $keytab_command,
     creates     => '/etc/jupyterhub/jupyterhub.keytab',
     require     => [
       File['/etc/jupyterhub'],
@@ -85,6 +76,7 @@
       Exec['jupyterhub_ipa_service_register'],
       Exec['ipa-install'],
     ],
+    subscribe   => File["${jupyterhub::prefix}/bin/ipa_register_service.py"],
     environment => ["IPA_ADMIN_PASSWD=${ipa_passwd}"],
     path        => ['/bin', '/usr/bin', '/sbin','/usr/sbin', "${jupyterhub::prefix}/bin"],
   }