openstack/puppet-keystone
Code Issues Proposed changes

domain backend drivers set in domain config

Browse Source 
When using the ldap_backend define, it will set the global
keystone configuration to use that driver too. This causes
an issue where default domain might be sql for openstack
service accounts and ldap for user accounts. The class
keystone::ldap handles setting the drivers in the global
keystone config file.

Change-Id: I768c5130a6fc23ec0a0bc7686f76cc859b4c8022
Closes-Bug: 1563261
This commit is contained in:
Matthew J Black 2016-03-29 06:59:20 -04:00
parent 04d49698b1
commit 8594336d74
2 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/ldap_backend.pp
View File

@ -312,7 +312,7 @@
# #
# [*identity_driver*] # [*identity_driver*]
# Identity backend driver. (string value) # Identity backend driver. (string value)
# Defaults to 'undef' # Defaults to 'ldap'
# #
# [*credential_driver*] # [*credential_driver*]
# Credential backend driver. (string value) # Credential backend driver. (string value)
@ -442,7 +442,7 @@ define keystone::ldap_backend(
$tls_cacertdir = undef, $tls_cacertdir = undef,
$tls_cacertfile = undef, $tls_cacertfile = undef,
$tls_req_cert = undef, $tls_req_cert = undef,
$identity_driver = undef, $identity_driver = 'ldap',
$assignment_driver = undef, $assignment_driver = undef,
$credential_driver = undef, $credential_driver = undef,
$use_pool = false, $use_pool = false,
@ -570,9 +570,8 @@ define keystone::ldap_backend(
"${domain}::ldap/use_auth_pool": value => $use_auth_pool; "${domain}::ldap/use_auth_pool": value => $use_auth_pool;
"${domain}::ldap/auth_pool_size": value => $auth_pool_size; "${domain}::ldap/auth_pool_size": value => $auth_pool_size;
"${domain}::ldap/auth_pool_connection_lifetime": value => $auth_pool_connection_lifetime; "${domain}::ldap/auth_pool_connection_lifetime": value => $auth_pool_connection_lifetime;
"${domain}::identity/driver": value => $identity_driver;
"${domain}::credential/driver": value => $credential_driver;
"${domain}::assignment/driver": value => $assignment_driver;
} }
ensure_resource('keystone_config', 'identity/driver', {value => $identity_driver})
ensure_resource('keystone_config', 'credential/driver', {value => $credential_driver})
ensure_resource('keystone_config', 'assignment/driver', {value => $assignment_driver})
} }

2
spec/defines/keystone_ldap_backend_spec.rb
View File

@ -189,7 +189,7 @@ describe 'keystone::ldap_backend' do
is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200') is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200')
# drivers # drivers
is_expected.to contain_keystone_config('identity/driver').with_value('ldap') is_expected.to contain_keystone_domain_config('Default::identity/driver').with_value('ldap')
end end
end end
end end