From d6d099f6c3b90ac657a8788863219580f1c4b66b Mon Sep 17 00:00:00 2001
From: Georgina
Date: Mon, 15 Jun 2020 18:24:32 +0000
Subject: [PATCH] Identity providers can be created with specifed domain

Add idp_domain_id parameter so that when creating an identity provider a domain can be specified that the IDP resides within instead of creating and belonging to a new auto generated domain. This change is backwards compatible, idp_domain_id is optional.

Change-Id: If761dd4faf63cf09d436d9e0a22f7e90cec9a105
---
 library/keystone | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 library/keystone

diff --git a/library/keystone b/library/keystone
old mode 100644
new mode 100755
index 01e10788..82651c29
--- a/library/keystone
+++ b/library/keystone
@@ -157,6 +157,11 @@ options:
 - Set whether a remote identity provider is enabled
 required: False
 default: True
+ idp_domain_id:
+ description:
+ - The id of the domain to add the identity provider to
+ required: False
+ default: None
 sp_name:
 description:
 - A name for the service provider
@@ -418,7 +423,8 @@ COMMAND_MAP = {
 'variables': [
 'idp_name',
 'idp_remote_ids',
- 'idp_enabled'
+ 'idp_enabled',
+ 'idp_domain_id'
 ]
 },
 'ensure_service_provider': {
@@ -1246,11 +1252,18 @@ class ManageKeystone(object):
 def ensure_identity_provider(self, variables):
 self._authenticate()
+ required_vars = {'idp_name': 'id',
+ 'idp_remote_ids': 'remote_ids',
+ 'idp_enabled': 'enabled'}
+
+ if self.module.params.get('idp_domain_id') is not None:
+ required_vars['idp_domain_id'] = 'domain_id'
+ else:
+ variables.remove('idp_domain_id')
+
 return self._ensure_generic(
 manager=self.keystone.federation.identity_providers,
- required_vars={'idp_name': 'id',
- 'idp_remote_ids': 'remote_ids',
- 'idp_enabled': 'enabled'},
+ required_vars=required_vars,
 variables=variables
 )
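Review bot: The new `idp_domain_id` description in the options block does not say what placing the provider in a domain means for access control. As far as I know, Keystone creates the federated users who authenticate through a provider inside that provider's domain, so pointing this at an existing domain puts them alongside that domain's accounts instead of in the auto-generated one the commit message mentions. I would add a second bullet such as `- Federated users from this provider are created in this domain; leave unset to let Keystone create a dedicated domain`, and state whether the value may be changed on an existing provider.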
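Review bot: In `ensure_identity_provider`, the else branch calls `variables.remove('idp_domain_id')`, which edits the caller's list in place and raises ValueError if the name is missing. That list looks like the `'variables'` entry this commit extends in COMMAND_MAP, although the call site is outside the diff, so the shared table would be altered as a side effect. A local copy avoids both problems: `variables = [v for v in variables if v != 'idp_domain_id']`. Separately, `_ensure_generic` is not visible here, so it is unclear what happens when the provider already exists in a different domain; if Keystone does not allow the domain to change after creation, that case should fail with an explicit message, not attempt an update.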
@@ -1402,6 +1415,10 @@ def main():
 default=True,
 required=False,
 ),
+ idp_domain_id=dict(
+ type='str',
+ required=False,
+ ),
 sp_name=dict(
 type='str',
 required=False,