From 4bdb46b5150a90c477f8b643f9c7cdb99d4349f1 Mon Sep 17 00:00:00 2001
From: Greg Cox
Date: Wed, 5 Feb 2025 18:45:11 +0000
Subject: [PATCH] Add chain overlay
---
 lib/puppet/provider/openldap_overlay/olc.rb | 7 +-
 .../provider/openldap_overlay/olc_spec.rb | 74 ++++++++++++++++++-
 2 files changed, 79 insertions(+), 2 deletions(-)
diff --git a/lib/puppet/provider/openldap_overlay/olc.rb b/lib/puppet/provider/openldap_overlay/olc.rb
index 88414f34..a2af6050 100644
--- a/lib/puppet/provider/openldap_overlay/olc.rb
+++ b/lib/puppet/provider/openldap_overlay/olc.rb
@@ -69,6 +69,7 @@ def create
 'auditlog' => 'olcAuditLogConfig',
 'autoca' => 'olcAutoCAConfig',
 'autogroup' => 'olcAutomaticGroups',
+ 'chain' => 'olcChainConfig',
 'collect' => 'olcCollectConfig',
 'constraint' => 'olcConstraintConfig',
 'dds' => 'olcDDSConfig',
@@ -115,7 +116,10 @@ def create
 end

 def getDn(suffix)
- if suffix == 'cn=config'
+ case suffix
+ when 'cn=frontend'
+ 'olcDatabase={-1}frontend,cn=config'
+ when 'cn=config'
 if resource[:overlay].to_s == 'rwm'
 slapcat('(olcDatabase=relay)').split("\n").map do |line|
 return line.split[1] if line =~ %r{^dn: }
@@ -134,6 +138,7 @@ def self.getSuffix(database)
 found = false
 slapcat("(olcDatabase=#{database})").split("\n").map do |line|
 found = true if line =~ %r{^dn: olcDatabase=#{database.gsub('{', '\{').gsub('}', '\}')},}
+ return 'cn=frontend' if database == '{-1}frontend'
 return 'cn=config' if database == '{0}config'
 return 'cn=config' if database =~ %r{\{\d+\}relay$}
 return line.split[1] if line =~ %r{^olcSuffix: } && found
diff --git a/spec/unit/puppet/provider/openldap_overlay/olc_spec.rb b/spec/unit/puppet/provider/openldap_overlay/olc_spec.rb
index c43943e9..3cc38f79 100644
--- a/spec/unit/puppet/provider/openldap_overlay/olc_spec.rb
+++ b/spec/unit/puppet/provider/openldap_overlay/olc_spec.rb
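Review bot: The new `when 'cn=frontend'` branch in getDn returns a hard-coded DN with no comment saying that 'cn=frontend' is a pseudo-suffix rather than a real naming context. A line such as `# 'cn=frontend' is not a real suffix: it selects the frontend database, which has no olcSuffix` above the branch would make that explicit. It is also worth stating in the type documentation that an overlay attached to the frontend database is global, so a chain overlay declared this way presumably makes slapd chase referrals for every database it serves, which operators should decide on deliberately. getDn's body continues past the end of this hunk.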
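Review bot: The added `return 'cn=frontend' if database == '{-1}frontend'` does not depend on `line`, yet it sits inside the block that iterates over slapcat output, so it only fires if slapcat returns at least one line. Placing it before the `slapcat(...)` call would return the pseudo-suffix without spawning slapcat and without depending on its output; the neighbouring `'{0}config'` check has the same shape and could move with it. The tail of getSuffix is outside the hunk, so what is returned when the loop never runs is not visible here.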
@@ -56,6 +56,48 @@
 )
 end
 end
+
+ describe 'chain' do
+ before do
+ slapcat_overlay_output = <<~OUTPUT
+ dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
+ objectClass: olcConfig
+ objectClass: olcOverlayConfig
+ objectClass: olcChainConfig
+ olcOverlay: {0}chain
+ olcChainCacheURI: FALSE
+ olcChainMaxReferralDepth: 1
+ olcChainReturnError: TRUE
+ OUTPUT
+ slapcat_db_output = <<~OUTPUT
+ dn: olcDatabase={-1}frontend,cn=config
+ objectClass: olcDatabaseConfig
+ objectClass: olcFrontendConfig
+ olcDatabase: {-1}frontend
+ OUTPUT
+ allow(described_class).to receive(:slapcat).with(
+ '(olcOverlay=*)'
+ ).and_return(slapcat_overlay_output)
+ allow(described_class).to receive(:slapcat).with(
+ '(olcDatabase={-1}frontend)'
+ ).and_return(slapcat_db_output)
+ end
+
+ it 'reads a chain object' do
+ expect(described_class.instances.size).to eq(1)
+ expect(described_class.instances[0].name).to eq('chain on cn=frontend')
+ expect(described_class.instances[0].overlay).to eq('chain')
+ expect(described_class.instances[0].suffix).to eq('cn=frontend')
+ expect(described_class.instances[0].index).to eq(0)
+ expect(described_class.instances[0].options).to eq(
+ {
+ 'olcChainCacheURI' => 'FALSE',
+ 'olcChainMaxReferralDepth' => '1',
+ 'olcChainReturnError' => 'TRUE',
+ }
+ )
+ end
+ end
 end

 describe 'creating overlay' do
@@ -86,11 +128,14 @@
 allow(tmpfile).to receive(:path).and_return(tmpfile_path)
 allow(IO).to receive(:read).with(tmpfile_path).and_return(tmpfile_content)
 allow(Puppet).to receive(:debug).with(tmpfile_content)
- allow(provider).to receive(:getDn).and_return('dc=example,dc=com')
 allow(provider).to receive(:ldapmodify)
 end

 describe 'when creating' do
+ before do
+ allow(provider).to receive(:getDn).and_return('dc=example,dc=com')
+ end
+
 it 'creates an overlay' do
 provider.create
 expect(tmpfile).to have_received(:<<).with("dn: olcOverlay=memberof,dc=example,dc=com\n")
@@ -101,6 +146,10 @@
 end

 describe 'with smbk5pwd' do
+ before do
+ allow(provider).to receive(:getDn).and_return('dc=example,dc=com')
+ end
+
 let(:params) do
 {
 title: 'smbk5pwd on dc=example,dc=com',
@@ -121,6 +170,29 @@
 end
 end
 end
+
+ describe 'with chain' do
+ let(:params) do
+ {
+ title: 'chain on cn=frontend',
+ suffix: 'cn=frontend',
+ options: {
+ 'olcChainMaxReferralDepth' => '1',
+ },
+ }
+ end
+
+ describe 'when creating' do
+ it 'creates an overlay' do
+ provider.create
+ expect(tmpfile).to have_received(:<<).with("dn: olcOverlay=chain,olcDatabase={-1}frontend,cn=config\n")
+ expect(tmpfile).to have_received(:<<).with("objectClass: olcChainConfig\n")
+ expect(tmpfile).to have_received(:<<).with("olcOverlay: chain\n")
+ expect(tmpfile).to have_received(:<<).with("olcChainMaxReferralDepth: 1\n")
+ expect(provider).to have_received(:ldapmodify)
+ end
+ end
+ end
 end
 end
 # rubocop:enable RSpec/MultipleMemoizedHelpers