feat: add prepared_query capabilities to consul

- add prepared query for:
  - vault
  - puppet
  - puppetca

hieradata/common.yaml

@@ -87,6 +87,9 @@ lookup_options:
   profiles::consul::client::node_rules:
     merge:
       strategy: deep
+  profiles::consul::prepared_query::rules:
+    merge:
+      strategy: deep
 
 facts_path: '/opt/puppetlabs/facter/facts.d'
 

hieradata/roles/infra/storage/consul.yaml

@@ -33,3 +33,23 @@ profiles::nginx::simpleproxy::nginx_aliases:
   - consul.main.unkin.net
 profiles::nginx::simpleproxy::proxy_port: 8500
 profiles::nginx::simpleproxy::proxy_path: '/'
+
+profiles::consul::prepared_query::rules:
+  vault:
+    ensure: 'present'
+    service_name: 'vault'
+    service_failover_n: 3
+    service_only_passing: true
+    ttl: 10
+  puppet:
+    ensure: 'present'
+    service_name: 'puppet'
+    service_failover_n: 3
+    service_only_passing: true
+    ttl: 10
+  puppetca:
+    ensure: 'present'
+    service_name: 'puppetca'
+    service_failover_n: 3
+    service_only_passing: true
+    ttl: 10

site/profiles/manifests/consul/prepared_query.pp

@@ -0,0 +1,14 @@
+# profile::consul::prepared_query
+class profiles::consul::prepared_query (
+  String $root_api_token = lookup('profiles::consul::server::acl_tokens_initial_management'),
+  Hash   $rules = {},
+) {
+
+  $rules.each | $rule, $data | {
+    consul_prepared_query { $rule:
+      acl_api_token => $root_api_token,
+      hostname      => $facts['networking']['ip'],
+      *             => $data,
+    }
+  }
+}

site/profiles/manifests/consul/server.pp

@@ -127,6 +127,7 @@ class profiles::consul::server (
     include profiles::nginx::simpleproxy
     include profiles::consul::policies
     include profiles::consul::tokens
+    include profiles::consul::prepared_query
 
     # get the dns port from the $ports hash, otherwise use the default
     $dns_port = pick($ports['dns'], 8600)