From d5b34c49c452dbf9e50166c3bd3c9cee8b424b0e Mon Sep 17 00:00:00 2001
From: Justin Riley <justin.t.riley@gmail.com>
Date: Thu, 16 Jul 2015 15:00:36 -0400
Subject: [PATCH] add support for populating ldap mapping file

---
 manifests/init.pp                |  1 +
 manifests/oned/sunstone/ldap.pp  | 14 +++++++++++++-
 manifests/params.pp              |  1 +
 templates/ldap_mappings.yaml.erb |  6 ++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 templates/ldap_mappings.yaml.erb

diff --git a/manifests/init.pp b/manifests/init.pp
index c4cbd990..d6f8fd25 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -336,6 +336,7 @@
             $oned_ldap_mapping_generate     = $one::params::oned_ldap_mapping_generate,
             $oned_ldap_mapping_timeout      = $one::params::oned_ldap_mapping_timeout,
             $oned_ldap_mapping_filename     = $one::params::oned_ldap_mapping_filename,
+            $oned_ldap_mappings             = $one::params::oned_ldap_mappings,
             $oned_ldap_mapping_key          = $one::params::oned_ldap_mapping_key,
             $oned_ldap_mapping_default      = $one::params::oned_ldap_mapping_default,
             $one_repo_enable                = $one::params::one_repo_enable,
diff --git a/manifests/oned/sunstone/ldap.pp b/manifests/oned/sunstone/ldap.pp
index 6f3dd4c3..b7df3800 100644
--- a/manifests/oned/sunstone/ldap.pp
+++ b/manifests/oned/sunstone/ldap.pp
@@ -17,7 +17,9 @@
 # http://www.apache.org/licenses/LICENSE-2.0.html
 #
 class one::oned::sunstone::ldap (
-  $oned_sunstone_ldap_pkg = $one::oned_sunstone_ldap_pkg
+  $oned_sunstone_ldap_pkg = $one::oned_sunstone_ldap_pkg,
+  $oned_ldap_mappings = $one::oned_ldap_mappings,
+  $oned_ldap_mapping_filename = $one::oned_ldap_mapping_filename,
 ) {
   package { $oned_sunstone_ldap_pkg:
     ensure => 'latest',
@@ -36,4 +38,14 @@
     content => template('one/ldap_auth.conf.erb'),
     notify  => Service['opennebula'],
   }
+  if $oned_ldap_mappings != undef {
+    validate_hash($oned_ldap_mappings)
+    file { "/var/lib/one/${oned_ldap_mapping_filename}":
+      ensure  => file,
+      owner   => 'oneadmin',
+      group   => 'oneadmin',
+      mode    => '0644',
+      content => template('one/ldap_mappings.yaml.erb'),
+    }
+  }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 7c666f72..b47200f4 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -46,6 +46,7 @@
   $oned_ldap_mapping_filename = hiera('one::oned::ldap_mapping_filename','undef')
   $oned_ldap_mapping_key = hiera('one::oned::ldap_mapping_key','undef')
   $oned_ldap_mapping_default = hiera('one::oned::ldap_mapping_default','undef')
+  $oned_ldap_mappings = hiera('one::oned::ldap_mappings',undef)
   # should we enable opennebula repos?
   $one_repo_enable = hiera('one::enable_opennebula_repo', 'true' )
   # Which version
diff --git a/templates/ldap_mappings.yaml.erb b/templates/ldap_mappings.yaml.erb
new file mode 100644
index 00000000..aeb1f19d
--- /dev/null
+++ b/templates/ldap_mappings.yaml.erb
@@ -0,0 +1,6 @@
+<%
+# The gsub below is required because of a bug in puppet:
+# https://tickets.puppetlabs.com/browse/PUP-3120
+# Basically it indents the yaml which breaks the whole doc.
+%>
+<%= @oned_ldap_mappings.to_yaml.gsub(/^\s{2}/, '') %>