From 77612a9d8ebfdbcca882193899da87cc3dd9cd0f Mon Sep 17 00:00:00 2001
From: Dale McDiarmid
Date: Mon, 19 Sep 2016 13:57:09 +0100
Subject: [PATCH] Support for role mapping
---
 tasks/xpack/shield/elasticsearch-shield-file.yml | 2 --
 tasks/xpack/shield/elasticsearch-shield.yml | 9 ++++++++-
 templates/shield/role_mapping.yml.j2 | 1 +
 test/integration/xpack.yml | 6 ++++++
 4 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 templates/shield/role_mapping.yml.j2
diff --git a/tasks/xpack/shield/elasticsearch-shield-file.yml b/tasks/xpack/shield/elasticsearch-shield-file.yml
index 0746f4b..da78e91 100644
--- a/tasks/xpack/shield/elasticsearch-shield-file.yml
+++ b/tasks/xpack/shield/elasticsearch-shield-file.yml
@@ -60,5 +60,3 @@
 template: src=shield/users_roles.j2 dest={{conf_dir}}/shield/users_roles mode=0644 force=yes
 when: manage_file_users and users_roles | length > 0
-#TODO: Support for mapping file
-
diff --git a/tasks/xpack/shield/elasticsearch-shield.yml b/tasks/xpack/shield/elasticsearch-shield.yml
index ca16402..0b1a267 100644
--- a/tasks/xpack/shield/elasticsearch-shield.yml
+++ b/tasks/xpack/shield/elasticsearch-shield.yml
@@ -14,7 +14,14 @@
 notify: load-native-realms
 when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
-#---------------------------------------------------------------------
+#-----------------------------ROLE MAPPING ----------------------------------------
+
+#Copy Roles files
+- name: Copy role_mapping.yml File for Instance
+ template: src=shield/role_mapping.yml.j2 dest={{conf_dir}}/shield/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
+ when: es_role_mapping is defined
+
+#------------------------------------------------------------------------------------
 #Ensure shield conf directory is created
 - name: Ensure shield conf directory exists
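Review bot: The new `Copy role_mapping.yml File for Instance` task in tasks/xpack/shield/elasticsearch-shield.yml sits above `Ensure shield conf directory exists`, so on a first run the template may be written to `{{conf_dir}}/shield/role_mapping.yml` before that directory is created; placing the task below the directory task avoids this. Its guard is only `when: es_role_mapping is defined`, whereas the preceding task also tests `es_enable_xpack` and the `shield` feature, so the mapping file can be written on a node where Shield is not enabled; I would add `es_enable_xpack and "shield" in es_xpack_features` to the condition. Because this file decides which directory group DNs receive which roles, `mode=0640` is a better fit than `mode=0644`, with a comment such as `# role_mapping.yml grants roles to LDAP/AD groups; keep it unreadable to other local users`. The task list continues outside the hunk, so the directory may already be created by an earlier task.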
diff --git a/templates/shield/role_mapping.yml.j2 b/templates/shield/role_mapping.yml.j2
new file mode 100644
index 0000000..2584375
--- /dev/null
+++ b/templates/shield/role_mapping.yml.j2
@@ -0,0 +1 @@
+{{ es_role_mapping | to_nice_yaml }}
\ No newline at end of file
diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml
index fb22b60..8bfcd2b 100644
--- a/test/integration/xpack.yml
+++ b/test/integration/xpack.yml
@@ -16,6 +16,12 @@
 - watcher
 es_api_basic_auth_username: es_admin
 es_api_basic_auth_password: changeMe
+ es_role_mapping:
+ power_user:
+ - "cn=admins,dc=example,dc=com"
+ user:
+ - "cn=users,dc=example,dc=com"
+ - "cn=admins,dc=example,dc=com"
 es_users:
 native:
 kibana4_server:
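Review bot: The `es_role_mapping` block added to test/integration/xpack.yml only sets the variable; none of the four files in this patch asserts anything about the rendered `role_mapping.yml`, so a wrong destination, mode or YAML shape would pass unnoticed. A spec check that `{{conf_dir}}/shield/role_mapping.yml` exists with the expected owner and mode and contains the `power_user` and `user` keys with these DNs would cover the feature. The new template renders `{{ es_role_mapping | to_nice_yaml }}` without checking the value, so a defined-but-empty `es_role_mapping` would presumably be written out as-is; a comment in the role defaults such as `# es_role_mapping: map of role name -> list of group/user DNs` would document the expected shape. The play's vars continue past the end of the hunk.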