Rework openldap::server::database interface for the limits parameter

Similar to the work on the `syncrepl` parameter, adjust the interface to use a well-defined Puppet structure to help writing manifests easier to read.
voxpupuli · Mar 30, 2024 · 73ac375 · 73ac375
1 parent c630df5
commit 73ac375
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 9 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -51,6 +51,7 @@
 * [`Openldap::Access_title`](#Openldap--Access_title): A valid title for an openldap::server::access resource
 * [`Openldap::Attribute`](#Openldap--Attribute): An LDAP attribute in the form "key: value"
 * [`Openldap::Attributes`](#Openldap--Attributes): A set of LDAP attributes
+* [`Openldap::Limits`](#Openldap--Limits): Limits for clients
 * [`Openldap::Tls_moznss_compatibility`](#Openldap--Tls_moznss_compatibility): The list of possible values TLS_MOZNSS_COMPATIBILITY can have (based on the man page), and an 'absent' (a puppet directive to remove an exist
 
 ## Classes
@@ -1015,11 +1016,11 @@ Default value: `undef`
 
 ##### <a name="-openldap--server--database--limits"></a>`limits`
 
-Data type: `Array[String[1]]`
+Data type: `Openldap::Limits`
 
 
 
-Default value: `[]`
+Default value: `{}`
 
 ##### <a name="-openldap--server--database--dboptions"></a>`dboptions`
 
@@ -1800,6 +1801,34 @@ Variant[Hash[
   ], Openldap::Attribute]
 ```
 
+### <a name="Openldap--Limits"></a>`Openldap::Limits`
+
+Limits for clients
+
+* **See also**
+  * https://www.openldap.org/doc/admin26/limits.html
+
+Alias of
+
+```puppet
+Hash[String[1], Struct[
+    {
+      # Specify time limits
+      Optional['time']           => Variant[Integer[0], Enum['unlimited']],
+      Optional['time.soft']      => Variant[Integer[0], Enum['unlimited']],
+      Optional['time.hard']      => Variant[Integer[0], Enum['unlimited']],
+      # Specifying size limits
+      Optional['size']           => Variant[Integer[0], Enum['unlimited']],
+      Optional['size.soft']      => Variant[Integer[0], Enum['unlimited']],
+      Optional['size.hard']      => Variant[Integer[0], Enum['unlimited']],
+      Optional['size.unchecked'] => Variant[Integer[0], Enum['disabled', 'unlimited']],
+      # Size limits and Paged Results
+      Optional['size.pr']        => Variant[Integer[0], Enum['noEstimate', 'unlimited']],
+      Optional['size.prtotal']   => Variant[Integer[0], Enum['disabled', 'unlimited']],
+    },
+  ]]
+```
+
 ### <a name="Openldap--Tls_moznss_compatibility"></a>`Openldap::Tls_moznss_compatibility`
 
 The list of possible values TLS_MOZNSS_COMPATIBILITY can have (based on the man page), and an 'absent' (a puppet directive to remove an existing declaration).

diff --git a/manifests/server/database.pp b/manifests/server/database.pp
@@ -13,7 +13,7 @@
   Optional[String[1]]                           $dbmaxsize       = undef,
   Optional[String[1]]                           $timelimit       = undef,
   Optional[String[1]]                           $updateref       = undef,
-  Array[String[1]]                              $limits          = [],
+  Openldap::Limits                              $limits          = {},
   # BDB/HDB options
   Hash[String[1],Variant[String[1],Array[String[1]]]] $dboptions = {},
   Optional[String[1]]                           $synctype        = undef,
@@ -88,7 +88,7 @@
     multiprovider   => $multiprovider,
     syncusesubentry => $syncusesubentry,
     syncrepl        => $syncrepl,
-    limits          => $limits,
+    limits          => $limits.map |$selector, $limits| { "${selector} ${limits.map |$k, $v| { "${k}=${v}" }.join(' ')}" },
     security        => $security,
   }
 }
diff --git a/spec/defines/openldap_server_database_spec.rb b/spec/defines/openldap_server_database_spec.rb
@@ -37,11 +37,11 @@
                 dbmaxsize: '10000',
                 timelimit: '10000',
                 updateref: 'default_updateref',
-                limits: [
-                  'dn.exact="cn=anyuser,dc=example,dc=org" size=100000',
-                  'dn.exact="cn=personnel,dc=example,dc=org" size=unlimited',
-                  'dn.exact="cn=dirsync,dc=example,dc=org" size=100000'
-                ],
+                limits: {
+                  'dn.exact="cn=anyuser,dc=example,dc=org"'   => { size: 100_000 },
+                  'dn.exact="cn=personnel,dc=example,dc=org"' => { size: 'unlimited' },
+                  'dn.exact="cn=dirsync,dc=example,dc=org"'   => { size: 100_000 }
+                },
                 dboptions: {
                   config: [
                     'set_cachesize 0 10485760 0',

diff --git a/types/limits.pp b/types/limits.pp
@@ -0,0 +1,22 @@
+# @summary Limits for clients
+#
+# @see https://www.openldap.org/doc/admin26/limits.html
+type Openldap::Limits = Hash[
+  String[1],
+  Struct[
+    {
+      # Specify time limits
+      Optional['time']           => Variant[Integer[0], Enum['unlimited']],
+      Optional['time.soft']      => Variant[Integer[0], Enum['unlimited']],
+      Optional['time.hard']      => Variant[Integer[0], Enum['unlimited']],
+      # Specifying size limits
+      Optional['size']           => Variant[Integer[0], Enum['unlimited']],
+      Optional['size.soft']      => Variant[Integer[0], Enum['unlimited']],
+      Optional['size.hard']      => Variant[Integer[0], Enum['unlimited']],
+      Optional['size.unchecked'] => Variant[Integer[0], Enum['disabled', 'unlimited']],
+      # Size limits and Paged Results
+      Optional['size.pr']        => Variant[Integer[0], Enum['noEstimate', 'unlimited']],
+      Optional['size.prtotal']   => Variant[Integer[0], Enum['disabled', 'unlimited']],
+    },
+  ],
+]