Allow to pass a list of LDAP servers

Change-Id: Ie1670bb591e0c76fdf1e00cf783149324c9890ce Closes-Bug: #1624002
2016-09-26 15:18:56 +02:00 · 2016-09-26 15:18:56 +02:00 · ce21fa8ed5
parent 46bada8ee6
commit ce21fa8ed5
2 changed files with 32 additions and 3 deletions
--- a/deployment_scripts/puppet/modules/lma_logging_analytics/manifests/kibana_authentication.pp
+++ b/deployment_scripts/puppet/modules/lma_logging_analytics/manifests/kibana_authentication.pp
@ -49,6 +49,9 @@ class lma_logging_analytics::kibana_authentication (
    if empty($ldap_servers) {
      fail('ldap_servers list parameter is empty')
    }
+    if ! is_array($ldap_servers) {
+      fail('ldap_servers list parameter must be an array')
+    }
    if ! $ldap_port { fail('Missing ldap_port parameter')}
    if ! $ldap_protocol { fail('Missing ldap_protocol parameter')}
    if ! $ldap_bind_dn { fail('Missing ldap_bind_dn parameter')}
@ -68,9 +71,8 @@ class lma_logging_analytics::kibana_authentication (
    $apache_modules = concat($default_apache_modules, ['ldap', 'authnz_ldap'])

    # LDAP url is used by apache::custom_config
-    $ldap_urls = suffix($ldap_servers, ":${ldap_port}/${ldap_user_search_base_dns}?${ldap_user_attribute}?sub?${ldap_user_search_filter}")
-
-    $ldap_url = join($ldap_urls, ' ')
+    $ldap_servers_url = join(suffix($ldap_servers, ":${ldap_port}"), ' ')
+    $ldap_url = "${ldap_servers_url}/${ldap_user_search_base_dns}?${ldap_user_attribute}?sub?${ldap_user_search_filter}"
  } else {
    $apache_modules = $default_apache_modules
  }
--- a/deployment_scripts/puppet/modules/lma_logging_analytics/spec/classes/lma_logging_analytics_kibana_authentication_spec.rb
+++ b/deployment_scripts/puppet/modules/lma_logging_analytics/spec/classes/lma_logging_analytics_kibana_authentication_spec.rb
@ -35,6 +35,7 @@ describe 'lma_logging_analytics::kibana_authentication' do
          should contain_file('/etc/apache2/kibana.htpasswd')
        }
    end
+
    describe 'ldap parameters' do
        let(:params) do
            {:listen_address => '127.0.0.1', :listen_port => 80,
@ -59,6 +60,32 @@ describe 'lma_logging_analytics::kibana_authentication' do
          should contain_file('/etc/apache2/kibana.htpasswd')
        }
    end
+
+    describe 'ldap parameters with several ldap servers' do
+        let(:params) do
+            {:listen_address => '127.0.0.1', :listen_port => 80,
+             :kibana_address  => '127.0.0.1', :kibana_port => 5106,
+             :username => 'foouser', :password => 'foopass',
+             :ldap_enabled => true,
+             :ldap_protocol => 'ldap',
+             :ldap_port => 389,
+             :ldap_servers => ['ldap.foo1.fr', 'ldap.foo2.fr'],
+             :ldap_bind_dn => 'cn=admin,dc=example,dc=com',
+             :ldap_bind_password => 'foopass',
+             :ldap_user_search_base_dns => 'ou=groups,dc=example,dc=com',
+             :ldap_user_search_filter => '(&(objectClass=posixGroup)(memberUid=%s))',
+             :ldap_user_attribute => 'uid',
+            }
+        end
+
+        it {
+          should contain_class('apache')
+          should contain_apache__custom_config('kibana-proxy').
+              with_content(/ldap:\/\/ldap.foo1.fr:389 ldap.foo2.fr:389/)
+          should contain_htpasswd('foouser')
+        }
+    end
+
    describe 'ldap parameters are missing' do
        let(:params) do
            {:listen_address => '127.0.0.1', :listen_port => 80,