From d392839d33a752b875c2639ef8ef6bd900c42330 Mon Sep 17 00:00:00 2001
From: Carmen Rata <carmen.rata@windriver.com>
Date: Thu, 22 Sep 2022 04:00:06 +0000
Subject: [PATCH] Add sssd service parameters support in puppet

This commit adds sssd service parameters configuration support
in puppet. The sssd puppet configuration is updated with the remote
ldap domain parameters.
Remote ldap domain parameters get configured with default values and
a subset of the parameters that are specific to an ldap server will
be added and managed using service parameters mechanism.
A maximum of 3 remote ldap domains are supported: ldap-domain1,
ldap-domain2, ldap-domain3.

Tests performed:
PASS: Successful install in an AIO-SX system configuration.
PASS: The remote ldap domain configuration gets populated in
sssd.conf.
PASS: sssd service is successfully started.
PASS: Ldap domain service parameters are added and applied
successfully.
PASS: Verify connection to the new ldap server using ldapsearch
PASS: Verify ldap users have been discovered and cached in /etc/passwd
PASS: Verify SSH connection for a remote AD ldap user.

Story: 2009834
Task: 46365
Depends-On: https://review.opendev.org/c/starlingx/config/+/858959

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: I2537eaaf56fd9e82a894f60ff512cefbaaf2dd34
---
 .../src/modules/platform/manifests/sssd.pp    | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/puppet-manifests/src/modules/platform/manifests/sssd.pp b/puppet-manifests/src/modules/platform/manifests/sssd.pp
index 4777bb3ab..81abe8fb4 100644
--- a/puppet-manifests/src/modules/platform/manifests/sssd.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sssd.pp
@@ -6,6 +6,14 @@ class platform::sssd::params (
   $nss_options = {},
   $pam_options = {},
   $domains = {},
+  $domain_name = undef,
+  $ldap_uri = undef,
+  $ldap_access_filter = undef,
+  $ldap_search_base = undef,
+  $ldap_user_search_base = undef,
+  $ldap_group_search_base = undef,
+  $ldap_default_bind_dn = undef,
+  $ldap_default_authtok = undef,
 ) {}
 
 class platform::sssd::config
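Review bot: `$ldap_default_authtok` carries the LDAP bind password but is declared as an untyped parameter like the rest, so Puppet handles it as an ordinary string that can end up in catalogs, reports and debug output. If the Puppet version in use and the code that consumes the value allow it, declare it as `Optional[Sensitive[String]] $ldap_default_authtok = undef,` and unwrap it only where sssd.conf is rendered. At minimum add a comment such as `# bind password for ldap_default_bind_dn; secret, never log or echo`. None of the eight new parameters is referenced in the visible hunks, so where they reach sssd.conf (and whether that file stays root-only, mode 0600) should be confirmed in the code outside this patch. The parameter list of `platform::sssd::params` begins before this hunk.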
@@ -34,3 +42,14 @@ class platform::sssd
   include ::platform::sssd::config
 }
 
+class platform::sssd::domain::runtime
+  inherits ::platform::sssd::params {
+
+  include ::platform::sssd::config
+
+  Class['::platform::sssd::config']
+  -> exec { 'restart sssd service':
+    command => '/usr/bin/systemctl restart sssd.service',
+    onlyif  => "test '${::osfamily }' == 'Debian'",
+  }
+}
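Review bot: The `onlyif` on the `restart sssd service` exec shells out to `test` to compare `${::osfamily }`, a fact that is already known when the catalog is compiled. It also relies on an unqualified `test` with no `path` set on the resource, which Puppet rejects unless a global `Exec` default supplies one, and on `==`, which POSIX `test` does not define. Wrapping the resource in `if $::osfamily == 'Debian' { ... }` and dropping the `onlyif` line keeps the decision in Puppet and removes the shell dependency. A short comment on the class would also help, for example `# Applied at runtime after ldap-domain service parameters change; restarts sssd so the new sssd.conf is loaded`.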