1 files changed, 49 insertions, 0 deletions

diff --git a/manifests/auth/ldap.pp b/manifests/auth/ldap.pp
new file mode 100644
index 0000000..7e4472b
--- /dev/null
+++ b/manifests/auth/ldap.pp
@@ -0,0 +1,49 @@
+# @summary Concourse local authentication
+# @param users
+#   List of local users.
+# @param main_team_users
+#   List of users which should be added to the "main" team.
+# @param main_team_group
+#   Ignored, but here to keep the same "API" with the other auth modules.
+class concourse::auth::local (
+  Array[Struct[{
+    'name'   => String,
+    'password' => Variant[String, Sensitive[String]],
+  }]] $users,
+  Optional[Array[String]] $main_team_user,
+  Optional[Array[String]] $main_team_group, # ignored
+  Enum['absent', 'present'] $ensure = 'present',
+) {
+  $env_file = "${concourse::web::conf_dir}/auth-local"
+
+  $environment = {
+    'CONCOURSE_ADD_LOCAL_USER'       => $users.map |$user| {
+      $name = $user['name']
+      $pass = $user['password'] ? {
+        String  => $user['password'],
+        default => $user['password'].unwrap,
+      }
+      "${name}:${pass}"
+    }.join(','),
+    'CONCOURSE_MAIN_TEAM_LOCAL_USER' => $main_team_group ? {
+      Array   => $main_team_group.join(','),
+      default => undef,
+    },
+  }
+
+  file { $env_file:
+    ensure    => $ensure,
+    content   => epp("${module_name}/env.epp", $environment),
+    # To not show new password
+    show_diff => false,
+    mode      => '0600',
+  }
+
+  systemd::manage_dropin { 'concourse-local-auth':
+    ensure        => $ensure,
+    unit          => $concourse::web::service,
+    service_entry => {
+      'EnvironmentFile' => $env_file,
+    },
+  }
+}