From 73ac375a8a7b88ee180f96325d133b3c936024a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sat, 30 Mar 2024 11:34:53 -1000 Subject: [PATCH] Rework `openldap::server::database` interface for the `limits` parameter Similar to the work on the `syncrepl` parameter, adjust the interface to use a well-defined Puppet structure to help writing manifests easier to read. --- REFERENCE.md | 33 +++++++++++++++++-- manifests/server/database.pp | 4 +-- spec/defines/openldap_server_database_spec.rb | 10 +++--- types/limits.pp | 22 +++++++++++++ 4 files changed, 60 insertions(+), 9 deletions(-) create mode 100644 types/limits.pp diff --git a/REFERENCE.md b/REFERENCE.md index 026e11c6..a03356cf 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -51,6 +51,7 @@ * [`Openldap::Access_title`](#Openldap--Access_title): A valid title for an openldap::server::access resource * [`Openldap::Attribute`](#Openldap--Attribute): An LDAP attribute in the form "key: value" * [`Openldap::Attributes`](#Openldap--Attributes): A set of LDAP attributes +* [`Openldap::Limits`](#Openldap--Limits): Limits for clients * [`Openldap::Tls_moznss_compatibility`](#Openldap--Tls_moznss_compatibility): The list of possible values TLS_MOZNSS_COMPATIBILITY can have (based on the man page), and an 'absent' (a puppet directive to remove an exist ## Classes @@ -1015,11 +1016,11 @@ Default value: `undef` ##### `limits` -Data type: `Array[String[1]]` +Data type: `Openldap::Limits` -Default value: `[]` +Default value: `{}` ##### `dboptions` 
@@ -1800,6 +1801,34 @@ Variant[Hash[ ], Openldap::Attribute] ``` +### `Openldap::Limits` + +Limits for clients + +* **See also** + * https://www.openldap.org/doc/admin26/limits.html + +Alias of + +```puppet +Hash[String[1], Struct[ + { + # Specify time limits + Optional['time'] => Variant[Integer[0], Enum['unlimited']], + Optional['time.soft'] => Variant[Integer[0], Enum['unlimited']], + Optional['time.hard'] => Variant[Integer[0], Enum['unlimited']], + # Specifying size limits + Optional['size'] => Variant[Integer[0], Enum['unlimited']], + Optional['size.soft'] => Variant[Integer[0], Enum['unlimited']], + Optional['size.hard'] => Variant[Integer[0], Enum['unlimited']], + Optional['size.unchecked'] => Variant[Integer[0], Enum['disabled', 'unlimited']], + # Size limits and Paged Results + Optional['size.pr'] => Variant[Integer[0], Enum['noEstimate', 'unlimited']], + Optional['size.prtotal'] => Variant[Integer[0], Enum['disabled', 'unlimited']], + }, + ]] +``` + ### `Openldap::Tls_moznss_compatibility` The list of possible values TLS_MOZNSS_COMPATIBILITY can have (based on the man page), and an 'absent' (a puppet directive to remove an existing declaration). diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 18393606..e086d194 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -13,7 +13,7 @@ Optional[String[1]] $dbmaxsize = undef, Optional[String[1]] $timelimit = undef, Optional[String[1]] $updateref = undef, - Array[String[1]] $limits = [], + Openldap::Limits $limits = {}, # BDB/HDB options Hash[String[1],Variant[String[1],Array[String[1]]]] $dboptions = {}, Optional[String[1]] $synctype = undef, @@ -88,7 +88,7 @@ multiprovider => $multiprovider, syncusesubentry => $syncusesubentry, syncrepl => $syncrepl, - limits => $limits, + limits => $limits.map |$selector, $limits| { "${selector} ${limits.map |$k, $v| { "${k}=${v}" }.join(' ')}" }, security => $security, } } 
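Review bot: The `limits` parameter changes type on the `Openldap::Limits $limits = {},` line but still has no description; the REFERENCE.md entry in this patch shows only its data type and default. A `@param` comment on the define would help, for example `# @param limits Per-selector search limits: each key is a slapd limits selector, each value a hash of limit names to values`. The define's header and any existing doc block are outside this hunk, so this assumes no such comment is already there.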
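Review bot: On the new `limits =>` line, a selector whose value is an empty hash renders as the selector followed by a trailing space and no limit, and the `Openldap::Limits` struct in this patch allows that because every key is `Optional`. An entry meant to cap a client would then reach the resource carrying no cap, so rejecting empty per-selector hashes (in the type, or with a `fail()` before the resource) is worth adding. The inner lambda also reuses the name `$limits`, which shadows the define's parameter; a rename reads better: `limits => $limits.map |$selector, $values| { "${selector} ${values.map |$k, $v| { "${k}=${v}" }.join(' ')}" },`. The resource declaration starts and ends outside this hunk.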
diff --git a/spec/defines/openldap_server_database_spec.rb b/spec/defines/openldap_server_database_spec.rb
index 42958ce1..16d35b6e 100644
--- a/spec/defines/openldap_server_database_spec.rb
+++ b/spec/defines/openldap_server_database_spec.rb
@@ -37,11 +37,11 @@
 dbmaxsize: '10000',
 timelimit: '10000',
 updateref: 'default_updateref',
- limits: [
- 'dn.exact="cn=anyuser,dc=example,dc=org" size=100000',
- 'dn.exact="cn=personnel,dc=example,dc=org" size=unlimited',
- 'dn.exact="cn=dirsync,dc=example,dc=org" size=100000'
- ],
+ limits: {
+ 'dn.exact="cn=anyuser,dc=example,dc=org"' => { size: 100_000 },
+ 'dn.exact="cn=personnel,dc=example,dc=org"' => { size: 'unlimited' },
+ 'dn.exact="cn=dirsync,dc=example,dc=org"' => { size: 100_000 }
+ },
 dboptions: {
 config: [
 'set_cachesize 0 10485760 0',
diff --git a/types/limits.pp b/types/limits.pp
new file mode 100644
index 00000000..6537a343
--- /dev/null
+++ b/types/limits.pp
@@ -0,0 +1,22 @@
+# @summary Limits for clients
+#
+# @see https://www.openldap.org/doc/admin26/limits.html
+type Openldap::Limits = Hash[
+ String[1],
+ Struct[
+ {
+ # Specify time limits
+ Optional['time'] => Variant[Integer[0], Enum['unlimited']],
+ Optional['time.soft'] => Variant[Integer[0], Enum['unlimited']],
+ Optional['time.hard'] => Variant[Integer[0], Enum['unlimited']],
+ # Specifying size limits
+ Optional['size'] => Variant[Integer[0], Enum['unlimited']],
+ Optional['size.soft'] => Variant[Integer[0], Enum['unlimited']],
+ Optional['size.hard'] => Variant[Integer[0], Enum['unlimited']],
+ Optional['size.unchecked'] => Variant[Integer[0], Enum['disabled', 'unlimited']],
+ # Size limits and Paged Results
+ Optional['size.pr'] => Variant[Integer[0], Enum['noEstimate', 'unlimited']],
+ Optional['size.prtotal'] => Variant[Integer[0], Enum['disabled', 'unlimited']],
+ },
+ ],
+]
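Review bot: The updated `limits:` fixture only exercises a single `size` key per selector, so the `join(' ')` path that renders several limits on one line is not covered. Adding one entry with two keys, such as `'dn.exact="cn=reports,dc=example,dc=org"' => { 'size.soft' => 500, 'time' => 60 }` (constructed sample), and asserting the rendered string would pin the output format. The expectations for this context are outside the hunk, so whether the rendered `limits` value is checked at all cannot be seen from here.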
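Review bot: The `time.hard` and `size.hard` entries accept only an integer or `unlimited`, but the limits documentation linked in the `@see` line also appears to describe the keyword `soft` for hard limits; manifests that passed it in the old string array would now fail type validation. Consider `Optional['time.hard'] => Variant[Integer[0], Enum['soft', 'unlimited']],` and the same for `size.hard`, after confirming against that page. Separately, the hash key is `String[1]`, so any non-empty string is accepted as a selector and reaches the slapd configuration unchecked. A comment on the type stating that the key is a raw selector and is not validated would set expectations for manifest authors.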