Refactor ipa and nss templates

Author: silug

manifests/provider/ipa.pp

@@ -75,48 +75,93 @@
   Array[String]                  $ldap_tls_cipher_suite          = ['HIGH','-SSLv2'],
   Boolean                        $use_service_discovery          = true,
 ) {
-  if $use_service_discovery {
-    $_ipa_server = ['_srv_'] + $ipa_server
-  }
-  else {
-    $_ipa_server = $ipa_server
+  # Build configuration lines in order (matching expected test output)
+  # IPA domain configuration (required)
+  $ipa_domain_line = ["ipa_domain = ${ipa_domain}"]
+
+  # IPA server configuration with service discovery logic
+  $ipa_server_line = $use_service_discovery ? {
+    true => ["ipa_server = _srv_,${ipa_server.join(',')}"],
+    false => ["ipa_server = ${ipa_server.join(',')}"]
   }
 
+  # IPA backup server configuration (optional)
+  $ipa_backup_server_line = $ipa_backup_server ? { undef => [], default => ["ipa_backup_server = ${ipa_backup_server.join(',')}"] }
+
+  # IPA boolean settings (required)
+  $ipa_enable_dns_sites_line = ["ipa_enable_dns_sites = ${ipa_enable_dns_sites}"]
+  $ipa_hostname_line = ["ipa_hostname = ${ipa_hostname}"]
+  $ipa_server_mode_line = ["ipa_server_mode = ${ipa_server_mode}"]
+
+  # Dynamic DNS settings
+  $dyndns_auth_line = ["dyndns_auth = ${dyndns_auth}"]
+  $dyndns_force_tcp_line = $dyndns_force_tcp ? { undef => [], default => ["dyndns_force_tcp = ${dyndns_force_tcp}"] }
+  $dyndns_iface_line = $dyndns_iface ? { undef => [], default => ["dyndns_iface = ${dyndns_iface.join(',')}"] }
+  $dyndns_refresh_interval_line = $dyndns_refresh_interval ? { undef => [], default => ["dyndns_refresh_interval = ${dyndns_refresh_interval}"] }
+  $dyndns_server_line = $dyndns_server ? { undef => [], default => ["dyndns_server = ${dyndns_server}"] }
+  $dyndns_ttl_line = $dyndns_ttl ? { undef => [], default => ["dyndns_ttl = ${dyndns_ttl}"] }
+  $dyndns_update_line = ["dyndns_update = ${dyndns_update}"]
+  $dyndns_update_ptr_line = $dyndns_update_ptr ? { undef => [], default => ["dyndns_update_ptr = ${dyndns_update_ptr}"] }
+
+  # IPA-specific optional settings
+  $ipa_automount_location_line = $ipa_automount_location ? { undef => [], default => ["ipa_automount_location = ${ipa_automount_location}"] }
+  $ipa_hbac_refresh_line = $ipa_hbac_refresh ? { undef => [], default => ["ipa_hbac_refresh = ${ipa_hbac_refresh}"] }
+  $ipa_hbac_search_base_line = $ipa_hbac_search_base ? { undef => [], default => ["ipa_hbac_search_base = ${ipa_hbac_search_base}"] }
+  $ipa_hbac_selinux_line = $ipa_hbac_selinux ? { undef => [], default => ["ipa_hbac_selinux = ${ipa_hbac_selinux}"] }
+  $ipa_host_search_base_line = $ipa_host_search_base ? { undef => [], default => ["ipa_host_search_base = ${ipa_host_search_base}"] }
+  $ipa_master_domains_search_base_line = $ipa_master_domains_search_base ? { undef => [], default => ["ipa_master_domains_search_base = ${ipa_master_domains_search_base}"] }
+  $ipa_selinux_search_base_line = $ipa_selinux_search_base ? { undef => [], default => ["ipa_selinux_search_base = ${ipa_selinux_search_base}"] }
+  $ipa_subdomains_search_base_line = $ipa_subdomains_search_base ? { undef => [], default => ["ipa_subdomains_search_base = ${ipa_subdomains_search_base}"] }
+  $ipa_views_search_base_line = $ipa_views_search_base ? { undef => [], default => ["ipa_views_search_base = ${ipa_views_search_base}"] }
+
+  # Kerberos settings
+  $krb5_confd_path_line = $krb5_confd_path ? { undef => [], default => ["krb5_confd_path = ${krb5_confd_path}"] }
+  $krb5_realm_line = $krb5_realm ? { undef => [], default => ["krb5_realm = ${krb5_realm}"] }
+  $krb5_store_password_if_offline_line = ["krb5_store_password_if_offline = ${krb5_store_password_if_offline}"]
+
+  # LDAP TLS settings (required)
+  $ldap_tls_cacert_line = ["ldap_tls_cacert = ${ldap_tls_cacert}"]
+  $ldap_tls_cipher_suite_line = ["ldap_tls_cipher_suite = ${ldap_tls_cipher_suite.join(':')}"]
+
+  # Combine all lines in order
+  $config_lines = (
+    $ipa_domain_line +
+    $ipa_server_line +
+    $ipa_backup_server_line +
+    $ipa_enable_dns_sites_line +
+    $ipa_hostname_line +
+    $ipa_server_mode_line +
+    $dyndns_auth_line +
+    $dyndns_force_tcp_line +
+    $dyndns_iface_line +
+    $dyndns_refresh_interval_line +
+    $dyndns_server_line +
+    $dyndns_ttl_line +
+    $dyndns_update_line +
+    $dyndns_update_ptr_line +
+    $ipa_automount_location_line +
+    $ipa_hbac_refresh_line +
+    $ipa_hbac_search_base_line +
+    $ipa_hbac_selinux_line +
+    $ipa_host_search_base_line +
+    $ipa_master_domains_search_base_line +
+    $ipa_selinux_search_base_line +
+    $ipa_subdomains_search_base_line +
+    $ipa_views_search_base_line +
+    $krb5_confd_path_line +
+    $krb5_realm_line +
+    $krb5_store_password_if_offline_line +
+    $ldap_tls_cacert_line +
+    $ldap_tls_cipher_suite_line
+  )
+
+  # Join all configuration lines
+  $content = $config_lines.join("\n")
+
   sssd::config::entry { "puppet_provider_${name}_ipa":
-    content => epp(
-      "${module_name}/provider/ipa.epp",
-      {
-        'title'                          => $title,
-        'ipa_domain'                     => $ipa_domain,
-        'ipa_server'                     => $ipa_server,
-        'ipa_backup_server'              => $ipa_backup_server,
-        'ipa_enable_dns_sites'           => $ipa_enable_dns_sites,
-        'ipa_hostname'                   => $ipa_hostname,
-        'ipa_server_mode'                => $ipa_server_mode,
-        'dyndns_auth'                    => $dyndns_auth,
-        'dyndns_force_tcp'               => $dyndns_force_tcp,
-        'dyndns_iface'                   => $dyndns_iface,
-        'dyndns_refresh_interval'        => $dyndns_refresh_interval,
-        'dyndns_server'                  => $dyndns_server,
-        'dyndns_ttl'                     => $dyndns_ttl,
-        'dyndns_update'                  => $dyndns_update,
-        'dyndns_update_ptr'              => $dyndns_update_ptr,
-        'ipa_automount_location'         => $ipa_automount_location,
-        'ipa_hbac_refresh'               => $ipa_hbac_refresh,
-        'ipa_hbac_search_base'           => $ipa_hbac_search_base,
-        'ipa_hbac_selinux'               => $ipa_hbac_selinux,
-        'ipa_host_search_base'           => $ipa_host_search_base,
-        'ipa_master_domains_search_base' => $ipa_master_domains_search_base,
-        'ipa_selinux_search_base'        => $ipa_selinux_search_base,
-        'ipa_subdomains_search_base'     => $ipa_subdomains_search_base,
-        'ipa_views_search_base'          => $ipa_views_search_base,
-        'krb5_confd_path'                => $krb5_confd_path,
-        'krb5_realm'                     => $krb5_realm,
-        'krb5_store_password_if_offline' => $krb5_store_password_if_offline,
-        'ldap_tls_cacert'                => $ldap_tls_cacert,
-        'ldap_tls_cipher_suite'          => $ldap_tls_cipher_suite,
-        'use_service_discovery'          => $use_service_discovery,
-      }
-    ),
+    content => epp("${module_name}/provider/ipa.epp", {
+        'title'   => $title,
+        'content' => $content,
+    }),
   }
 }

manifests/service/nss.pp

@@ -62,6 +62,7 @@
   Optional[Hash]               $custom_options                = undef,
 ) {
   if $custom_options {
+    # Use custom options template for backwards compatibility
     $_content = epp(
       "${module_name}/service/custom_options.epp",
       {
@@ -70,32 +71,73 @@
       },
     )
   } else {
-    $_content = epp(
-      "${module_name}/service/nss.epp",
-      {
-        'description'                   => $description,
-        'debug_level'                   => $debug_level,
-        'debug_timestamps'              => $debug_timestamps,
-        'debug_microseconds'            => $debug_microseconds,
-        'reconnection_retries'          => $reconnection_retries,
-        'fd_limit'                      => $fd_limit,
-        'command'                       => $command,
-        'enum_cache_timeout'            => $enum_cache_timeout,
-        'entry_cache_nowait_percentage' => $entry_cache_nowait_percentage,
-        'entry_negative_timeout'        => $entry_negative_timeout,
-        'filter_users'                  => $filter_users,
-        'filter_groups'                 => $filter_groups,
-        'filter_users_in_groups'        => $filter_users_in_groups,
-        'override_homedir'              => $override_homedir,
-        'fallback_homedir'              => $fallback_homedir,
-        'override_shell'                => $override_shell,
-        'vetoed_shells'                 => $vetoed_shells,
-        'default_shell'                 => $default_shell,
-        'get_domains_timeout'           => $get_domains_timeout,
-        'memcache_timeout'              => $memcache_timeout,
-        'user_attributes'               => $user_attributes,
-      },
+    # Build configuration lines in order (matching expected test output)
+    # Debug settings
+    $description_line = $description ? { undef => [], default => ["description = ${description}"] }
+    $debug_level_line = $debug_level ? { undef => [], default => ["debug_level = ${debug_level}"] }
+    $debug_timestamps_line = ["debug_timestamps = ${debug_timestamps}"]
+    $debug_microseconds_line = ["debug_microseconds = ${debug_microseconds}"]
+
+    # Connection settings
+    $reconnection_retries_line = ["reconnection_retries = ${reconnection_retries}"]
+    $fd_limit_line = $fd_limit ? { undef => [], default => ["fd_limit = ${fd_limit}"] }
+    $command_line = $command ? { undef => [], default => ["command = ${command}"] }
+
+    # Cache settings
+    $enum_cache_timeout_line = ["enum_cache_timeout = ${enum_cache_timeout}"]
+    $entry_cache_nowait_percentage_line = ["entry_cache_nowait_percentage = ${entry_cache_nowait_percentage}"]
+    $entry_negative_timeout_line = ["entry_negative_timeout = ${entry_negative_timeout}"]
+
+    # Filter settings
+    $filter_users_line = ["filter_users = ${filter_users}"]
+    $filter_groups_line = ["filter_groups = ${filter_groups}"]
+    $filter_users_in_groups_line = ["filter_users_in_groups = ${filter_users_in_groups}"]
+
+    # Home directory settings
+    $override_homedir_line = $override_homedir ? { undef => [], default => ["override_homedir = ${override_homedir}"] }
+    $fallback_homedir_line = $fallback_homedir ? { undef => [], default => ["fallback_homedir = ${fallback_homedir}"] }
+
+    # Shell settings
+    $override_shell_line = $override_shell ? { undef => [], default => ["override_shell = ${override_shell}"] }
+    $vetoed_shells_line = $vetoed_shells ? { undef => [], default => ["vetoed_shells = ${vetoed_shells}"] }
+    $default_shell_line = $default_shell ? { undef => [], default => ["default_shell = ${default_shell}"] }
+
+    # Timeout and attribute settings
+    $get_domains_timeout_line = $get_domains_timeout ? { undef => [], default => ["get_domains_timeout = ${get_domains_timeout}"] }
+    $memcache_timeout_line = $memcache_timeout ? { undef => [], default => ["memcache_timeout = ${memcache_timeout}"] }
+    $user_attributes_line = $user_attributes ? { undef => [], default => ["user_attributes = ${user_attributes}"] }
+
+    # Combine all lines in order
+    $config_lines = (
+      $description_line +
+      $debug_level_line +
+      $debug_timestamps_line +
+      $debug_microseconds_line +
+      $reconnection_retries_line +
+      $fd_limit_line +
+      $command_line +
+      $enum_cache_timeout_line +
+      $entry_cache_nowait_percentage_line +
+      $entry_negative_timeout_line +
+      $filter_users_line +
+      $filter_groups_line +
+      $filter_users_in_groups_line +
+      $override_homedir_line +
+      $fallback_homedir_line +
+      $override_shell_line +
+      $vetoed_shells_line +
+      $default_shell_line +
+      $get_domains_timeout_line +
+      $memcache_timeout_line +
+      $user_attributes_line
     )
+
+    # Join all configuration lines
+    $content = $config_lines.join("\n")
+
+    $_content = epp("${module_name}/service/nss.epp", {
+        'content' => $content,
+    })
   }
 
   sssd::config::entry { 'puppet_service_nss':

templates/provider/ipa.epp

@@ -1,102 +1,7 @@
 <% |
-  String                         $title,
-  String[1]                      $ipa_domain,
-  Array[Simplib::Host]           $ipa_server,
-  Optional[Array[Simplib::Host]] $ipa_backup_server,
-  Boolean                        $ipa_enable_dns_sites,
-  Simplib::Hostname              $ipa_hostname,
-  Boolean                        $ipa_server_mode,
-  Enum['none','GSS-TSIG']        $dyndns_auth,
-  Optional[Boolean]              $dyndns_force_tcp,
-  Optional[Array[String[1]]]     $dyndns_iface,
-  Optional[Integer[0]]           $dyndns_refresh_interval,
-  Optional[Simplib::Host]        $dyndns_server,
-  Optional[Integer[0]]           $dyndns_ttl,
-  Boolean                        $dyndns_update,
-  Optional[Boolean]              $dyndns_update_ptr,
-  Optional[String]               $ipa_automount_location,
-  Optional[Integer[0]]           $ipa_hbac_refresh,
-  Optional[String]               $ipa_hbac_search_base,
-  Optional[Integer[0]]           $ipa_hbac_selinux,
-  Optional[String]               $ipa_host_search_base,
-  Optional[String]               $ipa_master_domains_search_base,
-  Optional[String]               $ipa_selinux_search_base,
-  Optional[String]               $ipa_subdomains_search_base,
-  Optional[String]               $ipa_views_search_base,
-  Optional[Stdlib::AbsolutePath] $krb5_confd_path,
-  Optional[String]               $krb5_realm,
-  Boolean                        $krb5_store_password_if_offline,
-  Stdlib::AbsolutePath           $ldap_tls_cacert,
-  Array[String]                  $ldap_tls_cipher_suite,
-  Boolean                        $use_service_discovery,
+  String[1] $title,
+  String[1] $content,
 | -%>
 [domain/<%= $title %>]
 # sssd::provider::ipa
-ipa_domain = <%= $ipa_domain %>
-<% if $use_service_discovery { -%>
-ipa_server = _srv_,<%= $ipa_server.join(',') %>
-<% } else { -%>
-ipa_server = <%= $ipa_server.join(',') %>
-<% } -%>
-<% unless $ipa_backup_server =~ Undef { -%>
-ipa_backup_server = <%= $ipa_backup_server.join(',') %>
-<% } -%>
-ipa_enable_dns_sites = <%= $ipa_enable_dns_sites %>
-ipa_hostname = <%= $ipa_hostname %>
-ipa_server_mode = <%= $ipa_server_mode %>
-dyndns_auth = <%= $dyndns_auth %>
-<% unless $dyndns_force_tcp =~ Undef { -%>
-dyndns_force_tcp = <%= $dyndns_force_tcp %>
-<% } -%>
-<% unless $dyndns_iface =~ Undef { -%>
-dyndns_iface = <%= $dyndns_iface.join(',') %>
-<% } -%>
-<% unless $dyndns_refresh_interval =~ Undef { -%>
-dyndns_refresh_interval = <%= $dyndns_refresh_interval %>
-<% } -%>
-<% unless $dyndns_server =~ Undef { -%>
-dyndns_server = <%= $dyndns_server %>
-<% } -%>
-<% unless $dyndns_ttl =~ Undef { -%>
-dyndns_ttl = <%= $dyndns_ttl %>
-<% } -%>
-dyndns_update = <%= $dyndns_update %>
-<% unless $dyndns_update_ptr =~ Undef { -%>
-dyndns_update_ptr = <%= $dyndns_update_ptr %>
-<% } -%>
-<% unless $ipa_automount_location =~ Undef { -%>
-ipa_automount_location = <%= $ipa_automount_location %>
-<% } -%>
-<% unless $ipa_hbac_refresh =~ Undef { -%>
-ipa_hbac_refresh = <%= $ipa_hbac_refresh %>
-<% } -%>
-<% unless $ipa_hbac_search_base =~ Undef { -%>
-ipa_hbac_search_base = <%= $ipa_hbac_search_base %>
-<% } -%>
-<% unless $ipa_hbac_selinux =~ Undef { -%>
-ipa_hbac_selinux = <%= $ipa_hbac_selinux %>
-<% } -%>
-<% unless $ipa_host_search_base =~ Undef { -%>
-ipa_host_search_base = <%= $ipa_host_search_base  %>
-<% } -%>
-<% unless $ipa_master_domains_search_base =~ Undef { -%>
-ipa_master_domains_search_base = <%= $ipa_master_domains_search_base %>
-<% } -%>
-<% unless $ipa_selinux_search_base =~ Undef { -%>
-ipa_selinux_search_base = <%= $ipa_selinux_search_base %>
-<% } -%>
-<% unless $ipa_subdomains_search_base =~ Undef { -%>
-ipa_subdomains_search_base = <%= $ipa_subdomains_search_base %>
-<% } -%>
-<% unless $ipa_views_search_base =~ Undef { -%>
-ipa_views_search_base = <%= $ipa_views_search_base %>
-<% } -%>
-<% unless $krb5_confd_path =~ Undef { -%>
-krb5_confd_path = <%= $krb5_confd_path %>
-<% } -%>
-<% unless $krb5_realm =~ Undef { -%>
-krb5_realm = <%= $krb5_realm %>
-<% } -%>
-krb5_store_password_if_offline = <%= $krb5_store_password_if_offline %>
-ldap_tls_cacert = <%= $ldap_tls_cacert %>
-ldap_tls_cipher_suite = <%= $ldap_tls_cipher_suite.join(':') %>
+<%= $content %>