puppet: Remove in-nagios auth restrictions.

51b985b40d made nagios only accessible from localhost, or as proxied
via teleport.  Remove the HTTP-level auth requirements.

puppet/zulip_ops/manifests/profile/base.pp

@@ -42,9 +42,6 @@ class zulip_ops::profile::base {
     require => Package['linux-image-virtual'],
   }
 
-  # Add system users here
-  $users = []
-
   file { '/etc/apt/apt.conf.d/02periodic':
     ensure => file,
     mode   => '0644',

puppet/zulip_ops/manifests/profile/nagios.pp

@@ -9,7 +9,6 @@ class zulip_ops::profile::nagios {
                       'msmtp',
                       ]
   package { $nagios_packages: ensure => 'installed' }
-  $nagios_format_users = join($zulip_ops::profile::base::users, ',')
   $nagios_alert_email = zulipconf('nagios', 'alert_email', undef)
   $nagios_test_email = zulipconf('nagios', 'test_email', undef)
   $nagios_pager_email = zulipconf('nagios', 'pager_email', undef)

puppet/zulip_ops/templates/nagios3/cgi.cfg.template.erb

@@ -88,7 +88,7 @@ nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/cache/nagios3/sta
 # authentication (bad idea), while any other value will make them
 # use the authentication functions (the default).
 
-use_authentication=1
+use_authentication=0
 
 
 
@@ -129,7 +129,7 @@ use_ssl_authentication=0
 # not use authorization.  You may use an asterisk (*) to
 # authorize any user who has authenticated to the web server.
 
-authorized_for_system_information=nagiosadmin,<%= @nagios_format_users %>
+authorized_for_system_information=*
 
 
 
@@ -141,7 +141,7 @@ authorized_for_system_information=nagiosadmin,<%= @nagios_format_users %>
 # an asterisk (*) to authorize any user who has authenticated
 # to the web server.
 
-authorized_for_configuration_information=nagiosadmin,<%= @nagios_format_users %>
+authorized_for_configuration_information=*
 
 
 
@@ -154,7 +154,7 @@ authorized_for_configuration_information=nagiosadmin,<%= @nagios_format_users %>
 # You may use an asterisk (*) to authorize any user who has
 # authenticated to the web server.
 
-authorized_for_system_commands=nagiosadmin,<%= @nagios_format_users %>
+authorized_for_system_commands=*
 
 
 
@@ -167,8 +167,8 @@ authorized_for_system_commands=nagiosadmin,<%= @nagios_format_users %>
 # to authorize any user who has authenticated to the web server.
 
 
-authorized_for_all_services=nagiosadmin,<%= @nagios_format_users %>
-authorized_for_all_hosts=nagiosadmin,<%= @nagios_format_users %>
+authorized_for_all_services=*
+authorized_for_all_hosts=*
 
 
 
@@ -181,8 +181,8 @@ authorized_for_all_hosts=nagiosadmin,<%= @nagios_format_users %>
 # authorization).  You may use an asterisk (*) to authorize any
 # user who has authenticated to the web server.
 
-authorized_for_all_service_commands=nagiosadmin,<%= @nagios_format_users %>
-authorized_for_all_host_commands=nagiosadmin,<%= @nagios_format_users %>
+authorized_for_all_service_commands=*
+authorized_for_all_host_commands=*