Migrate ERB templates to EPP

Fixes #152

Author: silug

CHANGELOG

@@ -1,3 +1,6 @@
+* Tue Sep 23 2025 Steven Pritchard <[email protected]> - 7.14.0
+- Migrate ERB templates to EPP (#152)
+
 * Wed Jun 11 2025 Chris Tessmer <[email protected]> - 7.13.1
 - Fix rubocop issues
 

manifests/domain.pp

@@ -123,8 +123,55 @@
   Optional[String]                           $ldap_user_search_filter      = undef,
   Optional[Hash]                             $custom_options               = undef
 ) {
-
   sssd::config::entry { "puppet_domain_${name}":
-    content => template('sssd/domain.erb')
+    content => epp(
+      'sssd/domain.epp',
+      {
+        'id_provider'                  => $id_provider,
+        'debug_level'                  => $debug_level,
+        'debug_timestamps'             => $debug_timestamps,
+        'debug_microseconds'           => $debug_microseconds,
+        'description'                  => $description,
+        'min_id'                       => $min_id,
+        'max_id'                       => $max_id,
+        'enumerate'                    => $enumerate,
+        'subdomain_enumerate'          => $subdomain_enumerate,
+        'force_timeout'                => $force_timeout,
+        'entry_cache_timeout'          => $entry_cache_timeout,
+        'entry_cache_user_timeout'     => $entry_cache_user_timeout,
+        'entry_cache_group_timeout'    => $entry_cache_group_timeout,
+        'entry_cache_netgroup_timeout' => $entry_cache_netgroup_timeout,
+        'entry_cache_service_timeout'  => $entry_cache_service_timeout,
+        'entry_cache_sudo_timeout'     => $entry_cache_sudo_timeout,
+        'entry_cache_autofs_timeout'   => $entry_cache_autofs_timeout,
+        'entry_cache_ssh_host_timeout' => $entry_cache_ssh_host_timeout,
+        'refresh_expired_interval'     => $refresh_expired_interval,
+        'cache_credentials'            => $cache_credentials,
+        'account_cache_expiration'     => $account_cache_expiration,
+        'pwd_expiration_warning'       => $pwd_expiration_warning,
+        'use_fully_qualified_names'    => $use_fully_qualified_names,
+        'ignore_group_members'         => $ignore_group_members,
+        'access_provider'              => $access_provider,
+        'auth_provider'                => $auth_provider,
+        'chpass_provider'              => $chpass_provider,
+        'sudo_provider'                => $sudo_provider,
+        'selinux_provider'             => $selinux_provider,
+        'subdomains_provider'          => $subdomains_provider,
+        'autofs_provider'              => $autofs_provider,
+        'hostid_provider'              => $hostid_provider,
+        're_expression'                => $re_expression,
+        'full_name_format'             => $full_name_format,
+        'lookup_family_order'          => $lookup_family_order,
+        'dns_resolver_timeout'         => $dns_resolver_timeout,
+        'dns_discovery_domain'         => $dns_discovery_domain,
+        'override_gid'                 => $override_gid,
+        'case_sensitive'               => $case_sensitive,
+        'proxy_fast_alias'             => $proxy_fast_alias,
+        'realmd_tags'                  => $realmd_tags,
+        'proxy_pam_target'             => $proxy_pam_target,
+        'proxy_lib_name'               => $proxy_lib_name,
+        'ldap_user_search_filter'      => $ldap_user_search_filter,
+      },
+    )
   }
 }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "simp-sssd",
-  "version": "7.13.1",
+  "version": "7.14.0",
   "author": "SIMP Team",
   "summary": "Manages SSSD",
   "license": "Apache-2.0",

templates/domain.epp

@@ -0,0 +1,159 @@
+<% |
+  Sssd::IdProvider                           $id_provider,
+  Optional[Sssd::DebugLevel]                 $debug_level,
+  Boolean                                    $debug_timestamps,
+  Boolean                                    $debug_microseconds,
+  Optional[String]                           $description,
+  Integer[0]                                 $min_id,
+  Integer[0]                                 $max_id,
+  Boolean                                    $enumerate,
+  Boolean                                    $subdomain_enumerate,
+  Optional[Integer]                          $force_timeout,
+  Optional[Integer]                          $entry_cache_timeout,
+  Optional[Integer]                          $entry_cache_user_timeout,
+  Optional[Integer]                          $entry_cache_group_timeout,
+  Optional[Integer]                          $entry_cache_netgroup_timeout,
+  Optional[Integer]                          $entry_cache_service_timeout,
+  Optional[Integer]                          $entry_cache_sudo_timeout,
+  Optional[Integer]                          $entry_cache_autofs_timeout,
+  Optional[Integer]                          $entry_cache_ssh_host_timeout,
+  Optional[Integer]                          $refresh_expired_interval,
+  Boolean                                    $cache_credentials,
+  Integer[0]                                 $account_cache_expiration,
+  Optional[Integer[0]]                       $pwd_expiration_warning,
+  Boolean                                    $use_fully_qualified_names,
+  Boolean                                    $ignore_group_members,
+  Optional[Sssd::AccessProvider]             $access_provider,
+  Optional[Sssd::AuthProvider]               $auth_provider,
+  Optional[Sssd::ChpassProvider]             $chpass_provider,
+  Optional[Enum['ldap', 'ipa','ad','none']]  $sudo_provider,
+  Optional[Enum['ipa', 'none']]              $selinux_provider,
+  Optional[Enum['ipa', 'ad','none']]         $subdomains_provider,
+  Optional[Enum['ad', 'ldap', 'ipa','none']] $autofs_provider,
+  Optional[Enum['ipa', 'none']]              $hostid_provider,
+  Optional[String]                           $re_expression,
+  Optional[String]                           $full_name_format,
+  Optional[String]                           $lookup_family_order,
+  Integer[0]                                 $dns_resolver_timeout,
+  Optional[String]                           $dns_discovery_domain,
+  Optional[String]                           $override_gid,
+  Variant[Boolean,Enum['preserving']]        $case_sensitive,
+  Boolean                                    $proxy_fast_alias,
+  Optional[String]                           $realmd_tags,
+  Optional[String]                           $proxy_pam_target,
+  Optional[String]                           $proxy_lib_name,
+  Optional[String]                           $ldap_user_search_filter,
+  Optional[Hash]                             $custom_options,
+| -%>
+
+# sssd::domain <%= $name %>
+[domain/<%= $name %>]
+<% if $debug_level { -%>
+debug_level = <%= $debug_level %>
+<% } -%>
+debug_timestamps = <%= $debug_timestamps %>
+debug_microseconds = <%= $debug_microseconds %>
+<% if $description { -%>
+description = <%= $description %>
+<% } -%>
+min_id = <%= $min_id %>
+max_id = <%= $max_id %>
+enumerate = <%= $enumerate %>
+<% if $subdomain_enumerate { -%>
+subdomain_enumerate = <%= $subdomain_enumerate %>
+<% } -%>
+<% if $force_timeout { -%>
+force_timeout = <%= $force_timeout %>
+<% } -%>
+<% if $entry_cache_timeout { -%>
+entry_cache_timeout = <%= $entry_cache_timeout %>
+<% } -%>
+<% if $entry_cache_user_timeout { -%>
+entry_cache_user_timeout = <%= $entry_cache_user_timeout %>
+<% } -%>
+<% if $entry_cache_group_timeout { -%>
+entry_cache_group_timeout = <%= $entry_cache_group_timeout %>
+<% } -%>
+<% if $entry_cache_netgroup_timeout { -%>
+entry_cache_netgroup_timeout = <%= $entry_cache_netgroup_timeout %>
+<% } -%>
+<% if $entry_cache_service_timeout { -%>
+entry_cache_service_timeout = <%= $entry_cache_service_timeout %>
+<% } -%>
+<% if $entry_cache_sudo_timeout { -%>
+entry_cache_sudo_timeout = <%= $entry_cache_sudo_timeout %>
+<% } -%>
+<% if $entry_cache_autofs_timeout { -%>
+entry_cache_autofs_timeout = <%= $entry_cache_autofs_timeout %>
+<% } -%>
+<% if $entry_cache_ssh_host_timeout { -%>
+entry_cache_ssh_host_timeout = <%= $entry_cache_ssh_host_timeout %>
+<% } -%>
+<% if $refresh_expired_interval { -%>
+refresh_expired_interval = <%= $refresh_expired_interval %>
+<% } -%>
+cache_credentials = <%= $cache_credentials %>
+account_cache_expiration = <%= $account_cache_expiration %>
+<% if $pwd_expiration_warning { -%>
+pwd_expiration_warning = <%= $pwd_expiration_warning %>
+<% } -%>
+use_fully_qualified_names = <%= $use_fully_qualified_names %>
+ignore_group_members = <%= $ignore_group_members %>
+id_provider = <%= $id_provider %>
+<% if $auth_provider { -%>
+auth_provider = <%= $auth_provider %>
+<% } -%>
+<% if $access_provider { -%>
+access_provider = <%= $access_provider %>
+<% } -%>
+<% if $chpass_provider { -%>
+chpass_provider = <%= $chpass_provider %>
+<% } -%>
+<% if $sudo_provider { -%>
+sudo_provider = <%= $sudo_provider %>
+<% } -%>
+<% if $selinux_provider { -%>
+selinux_provider = <%= $selinux_provider %>
+<% } -%>
+<% if $subdomains_provider { -%>
+subdomains_provider = <%= $subdomains_provider %>
+<% } -%>
+<% if $autofs_provider { -%>
+autofs_provider = <%= $autofs_provider %>
+<% } -%>
+<% if $hostid_provider { -%>
+hostid_provider = <%= $hostid_provider %>
+<% } -%>
+<% if $re_expression { -%>
+re_expression = <%= $re_expression %>
+<% } -%>
+<% if $full_name_format { -%>
+full_name_format = <%= $full_name_format %>
+<% } -%>
+<% if $lookup_family_order { -%>
+lookup_family_order = <%= $lookup_family_order %>
+<% } -%>
+dns_resolver_timeout = <%= $dns_resolver_timeout %>
+<% if $dns_discovery_domain { -%>
+dns_discovery_domain = <%= $dns_discovery_domain %>
+<% } -%>
+<% if $override_gid { -%>
+override_gid = <%= $override_gid %>
+<% } -%>
+case_sensitive = <%= $case_sensitive %>
+proxy_fast_alias = <%= $proxy_fast_alias %>
+<% if $realmd_tags { -%>
+realmd_tags = <%= $realmd_tags %>
+<% } -%>
+<% if $ldap_user_search_filter { -%>
+ldap_user_search_filter = <%= $ldap_user_search_filter %>
+<% } -%>
+<% if $proxy_pam_target { -%>
+proxy_pam_target = <%= $proxy_pam_target %>
+<% } -%>
+<% if $proxy_lib_name { -%>
+proxy_lib_name = <%= $proxy_lib_name %>
+<% } -%>
+<% $custom_options.each |$opt, $value| { -%>
+<%= $opt %> = <%= $value %>
+<% } -%>