openstack/puppet-keystone
Code Issues Proposed changes

Merge "Deprecate group_allow_* options for ldap"

Browse Source
This commit is contained in:
Jenkins 2017-01-23 18:50:26 +00:00 committed by Gerrit Code Review
commit 8fd432157a
3 changed files with 183 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
manifests/ldap.pp
View File

@ -260,18 +260,6 @@
# List of attributes stripped off the group on update. (list value)
# Defaults to 'undef'
#
# [*group_allow_create*]
# Allow group creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_allow_update*]
# Allow group update in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_allow_delete*]
# Allow group deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_additional_attribute_mapping*]
# Additional attribute mappings for groups. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
@ -358,19 +346,31 @@
# LDAP support packages.
# Defaults to true.
#
# === DEPRECATED group/name
# === DEPRECATED PARAMETERS
#
# [*user_allow_create*]
# Allow user creation in LDAP backend. (boolean value)
# Defaults to 'undef' DEPRECATED: Has no effect.
# Defaults to undef
#
# [*user_allow_update*]
# Allow user updates in LDAP backend. (boolean value)
# Defaults to 'undef' DEPRECATED: Has no effect.
# Defaults to undef
#
# [*user_allow_delete*]
# Allow user deletion in LDAP backend. (boolean value)
# Defaults to 'undef' DEPRECATED: Has no effect.
# Defaults to undef
#
# [*group_allow_create*]
# Allow group creation in LDAP backend. (boolean value)
# Defaults to undef
#
# [*group_allow_update*]
# Allow group update in LDAP backend. (boolean value)
# Defaults to undef
#
# [*group_allow_delete*]
# Allow group deletion in LDAP backend. (boolean value)
# Defaults to undef
#
# == Dependencies
# == Examples
@ -384,90 +384,90 @@
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
#
class keystone::ldap(
$url = undef,
$user = undef,
$password = undef,
$suffix = undef,
$query_scope = undef,
$page_size = undef,
$user_tree_dn = undef,
$user_filter = undef,
$user_objectclass = undef,
$user_id_attribute = undef,
$user_name_attribute = undef,
$user_mail_attribute = undef,
$user_enabled_attribute = undef,
$user_enabled_mask = undef,
$user_enabled_default = undef,
$user_enabled_invert = undef,
$user_attribute_ignore = undef,
$user_default_project_id_attribute = undef,
$user_pass_attribute = undef,
$user_enabled_emulation = undef,
$user_enabled_emulation_dn = undef,
$user_additional_attribute_mapping = undef,
$project_tree_dn = undef,
$project_filter = undef,
$project_objectclass = undef,
$project_id_attribute = undef,
$project_member_attribute = undef,
$project_desc_attribute = undef,
$project_name_attribute = undef,
$project_enabled_attribute = undef,
$project_domain_id_attribute = undef,
$project_attribute_ignore = undef,
$project_allow_create = undef,
$project_allow_update = undef,
$project_allow_delete = undef,
$project_enabled_emulation = undef,
$project_enabled_emulation_dn = undef,
$project_additional_attribute_mapping= undef,
$role_tree_dn = undef,
$role_filter = undef,
$role_objectclass = undef,
$role_id_attribute = undef,
$role_name_attribute = undef,
$role_member_attribute = undef,
$role_attribute_ignore = undef,
$role_allow_create = undef,
$role_allow_update = undef,
$role_allow_delete = undef,
$role_additional_attribute_mapping = undef,
$group_tree_dn = undef,
$group_filter = undef,
$group_objectclass = undef,
$group_id_attribute = undef,
$group_name_attribute = undef,
$group_member_attribute = undef,
$group_desc_attribute = undef,
$group_attribute_ignore = undef,
$group_allow_create = undef,
$group_allow_update = undef,
$group_allow_delete = undef,
$group_additional_attribute_mapping = undef,
$chase_referrals = undef,
$use_tls = undef,
$tls_cacertdir = undef,
$tls_cacertfile = undef,
$tls_req_cert = undef,
$identity_driver = undef,
$assignment_driver = undef,
$credential_driver = undef,
$use_pool = false,
$pool_size = 10,
$pool_retry_max = 3,
$pool_retry_delay = 0.1,
$pool_connection_timeout = -1,
$pool_connection_lifetime = 600,
$use_auth_pool = false,
$auth_pool_size = 100,
$auth_pool_connection_lifetime = 60,
$package_ensure = present,
$manage_packages = true,
# DEPRECATED
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
$url = undef,
$user = undef,
$password = undef,
$suffix = undef,
$query_scope = undef,
$page_size = undef,
$user_tree_dn = undef,
$user_filter = undef,
$user_objectclass = undef,
$user_id_attribute = undef,
$user_name_attribute = undef,
$user_mail_attribute = undef,
$user_enabled_attribute = undef,
$user_enabled_mask = undef,
$user_enabled_default = undef,
$user_enabled_invert = undef,
$user_attribute_ignore = undef,
$user_default_project_id_attribute = undef,
$user_pass_attribute = undef,
$user_enabled_emulation = undef,
$user_enabled_emulation_dn = undef,
$user_additional_attribute_mapping = undef,
$project_tree_dn = undef,
$project_filter = undef,
$project_objectclass = undef,
$project_id_attribute = undef,
$project_member_attribute = undef,
$project_desc_attribute = undef,
$project_name_attribute = undef,
$project_enabled_attribute = undef,
$project_domain_id_attribute = undef,
$project_attribute_ignore = undef,
$project_allow_create = undef,
$project_allow_update = undef,
$project_allow_delete = undef,
$project_enabled_emulation = undef,
$project_enabled_emulation_dn = undef,
$project_additional_attribute_mapping = undef,
$role_tree_dn = undef,
$role_filter = undef,
$role_objectclass = undef,
$role_id_attribute = undef,
$role_name_attribute = undef,
$role_member_attribute = undef,
$role_attribute_ignore = undef,
$role_allow_create = undef,
$role_allow_update = undef,
$role_allow_delete = undef,
$role_additional_attribute_mapping = undef,
$group_tree_dn = undef,
$group_filter = undef,
$group_objectclass = undef,
$group_id_attribute = undef,
$group_name_attribute = undef,
$group_member_attribute = undef,
$group_desc_attribute = undef,
$group_attribute_ignore = undef,
$group_additional_attribute_mapping = undef,
$chase_referrals = undef,
$use_tls = undef,
$tls_cacertdir = undef,
$tls_cacertfile = undef,
$tls_req_cert = undef,
$identity_driver = undef,
$assignment_driver = undef,
$credential_driver = undef,
$use_pool = false,
$pool_size = 10,
$pool_retry_max = 3,
$pool_retry_delay = 0.1,
$pool_connection_timeout = -1,
$pool_connection_lifetime = 600,
$use_auth_pool = false,
$auth_pool_size = 100,
$auth_pool_connection_lifetime = 60,
$package_ensure = present,
$manage_packages = true,
# DEPRECATED PARAMETERS
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
$group_allow_create = undef,
$group_allow_update = undef,
$group_allow_delete = undef,
) {
include ::keystone::deps
@ -486,7 +486,12 @@ class keystone::ldap(
if $user_allow_create or $user_allow_update or $user_allow_delete {
warning("all user_allow_ options are deprecated and have no effect, \
they will be removed in the future")
they will be removed in the future release.")
}
if $group_allow_create or $group_allow_update or $group_allow_delete {
warning("all group_allow_ options are deprecated and have no effect, \
they will be removed in the future release.")
}
keystone_config {
@ -547,9 +552,6 @@ class keystone::ldap(
'ldap/group_member_attribute': value => $group_member_attribute;
'ldap/group_desc_attribute': value => $group_desc_attribute;
'ldap/group_attribute_ignore': value => $group_attribute_ignore;
'ldap/group_allow_create': value => $group_allow_create;
'ldap/group_allow_update': value => $group_allow_update;
'ldap/group_allow_delete': value => $group_allow_delete;
'ldap/group_additional_attribute_mapping': value => $group_additional_attribute_mapping;
'ldap/chase_referrals': value => $chase_referrals;
'ldap/use_tls': value => $use_tls;

5
releasenotes/notes/deprecate-group_allow_ldap-params-671a23e9813f1d75.yaml Normal file
View File

@ -0,0 +1,5 @@
---
deprecations:
- group_allow_* options for ldap are deprecated in Keystone.
Setting these will now have no effect and these will be
removed as parameters in a future release.

150
spec/classes/keystone_ldap_spec.rb
View File

@ -4,82 +4,79 @@ describe 'keystone::ldap' do
describe 'with basic params' do
let :params do
{
:url => 'ldap://foo',
:user => 'cn=foo,dc=example,dc=com',
:password => 'abcdefg',
:suffix => 'dc=example,dc=com',
:query_scope => 'sub',
:page_size => '50',
:user_tree_dn => 'cn=users,dc=example,dc=com',
:user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)',
:user_objectclass => 'inetUser',
:user_id_attribute => 'uid',
:user_name_attribute => 'cn',
:user_mail_attribute => 'mail',
:user_enabled_attribute => 'UserAccountControl',
:user_enabled_mask => '2',
:user_enabled_default => '512',
:user_enabled_invert => 'False',
:user_attribute_ignore => '',
:user_default_project_id_attribute => 'defaultProject',
:user_pass_attribute => 'krbPassword',
:user_enabled_emulation => 'True',
:user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com',
:user_additional_attribute_mapping => 'description:name, gecos:name',
:project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com',
:project_filter => '',
:project_objectclass => 'organizationalUnit',
:project_id_attribute => 'ou',
:project_member_attribute => 'member',
:project_desc_attribute => 'description',
:project_name_attribute => 'ou',
:project_enabled_attribute => 'enabled',
:project_domain_id_attribute => 'businessCategory',
:project_attribute_ignore => '',
:project_allow_create => 'True',
:project_allow_update => 'True',
:project_allow_delete => 'True',
:project_enabled_emulation => 'False',
:project_enabled_emulation_dn => 'True',
:url => 'ldap://foo',
:user => 'cn=foo,dc=example,dc=com',
:password => 'abcdefg',
:suffix => 'dc=example,dc=com',
:query_scope => 'sub',
:page_size => '50',
:user_tree_dn => 'cn=users,dc=example,dc=com',
:user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)',
:user_objectclass => 'inetUser',
:user_id_attribute => 'uid',
:user_name_attribute => 'cn',
:user_mail_attribute => 'mail',
:user_enabled_attribute => 'UserAccountControl',
:user_enabled_mask => '2',
:user_enabled_default => '512',
:user_enabled_invert => 'False',
:user_attribute_ignore => '',
:user_default_project_id_attribute => 'defaultProject',
:user_pass_attribute => 'krbPassword',
:user_enabled_emulation => 'True',
:user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com',
:user_additional_attribute_mapping => 'description:name, gecos:name',
:project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com',
:project_filter => '',
:project_objectclass => 'organizationalUnit',
:project_id_attribute => 'ou',
:project_member_attribute => 'member',
:project_desc_attribute => 'description',
:project_name_attribute => 'ou',
:project_enabled_attribute => 'enabled',
:project_domain_id_attribute => 'businessCategory',
:project_attribute_ignore => '',
:project_allow_create => 'True',
:project_allow_update => 'True',
:project_allow_delete => 'True',
:project_enabled_emulation => 'False',
:project_enabled_emulation_dn => 'True',
:project_additional_attribute_mapping => 'cn=enabled,ou=openstack,dc=example,dc=com',
:role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com',
:role_filter => '',
:role_objectclass => 'organizationalRole',
:role_id_attribute => 'cn',
:role_name_attribute => 'ou',
:role_member_attribute => 'roleOccupant',
:role_attribute_ignore => 'description',
:role_allow_create => 'True',
:role_allow_update => 'True',
:role_allow_delete => 'True',
:role_additional_attribute_mapping => '',
:group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com',
:group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com',
:group_objectclass => 'organizationalRole',
:group_id_attribute => 'cn',
:group_name_attribute => 'cn',
:group_member_attribute => 'roleOccupant',
:group_desc_attribute => 'description',
:group_attribute_ignore => '',
:group_allow_create => 'False',
:group_allow_update => 'False',
:group_allow_delete => 'False',
:group_additional_attribute_mapping => '',
:chase_referrals => 'False',
:use_tls => 'False',
:tls_cacertdir => '/etc/ssl/certs/',
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
:tls_req_cert => 'demand',
:identity_driver => 'ldap',
:use_pool => 'True',
:pool_size => 20,
:pool_retry_max => 2,
:pool_retry_delay => 0.2,
:pool_connection_timeout => 222,
:pool_connection_lifetime => 222,
:use_auth_pool => 'True',
:auth_pool_size => 20,
:auth_pool_connection_lifetime => 200,
:role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com',
:role_filter => '',
:role_objectclass => 'organizationalRole',
:role_id_attribute => 'cn',
:role_name_attribute => 'ou',
:role_member_attribute => 'roleOccupant',
:role_attribute_ignore => 'description',
:role_allow_create => 'True',
:role_allow_update => 'True',
:role_allow_delete => 'True',
:role_additional_attribute_mapping => '',
:group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com',
:group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com',
:group_objectclass => 'organizationalRole',
:group_id_attribute => 'cn',
:group_name_attribute => 'cn',
:group_member_attribute => 'roleOccupant',
:group_desc_attribute => 'description',
:group_attribute_ignore => '',
:group_additional_attribute_mapping => '',
:chase_referrals => 'False',
:use_tls => 'False',
:tls_cacertdir => '/etc/ssl/certs/',
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
:tls_req_cert => 'demand',
:identity_driver => 'ldap',
:use_pool => 'True',
:pool_size => 20,
:pool_retry_max => 2,
:pool_retry_delay => 0.2,
:pool_connection_timeout => 222,
:pool_connection_lifetime => 222,
:use_auth_pool => 'True',
:auth_pool_size => 20,
:auth_pool_connection_lifetime => 200,
}
end
it { is_expected.to contain_package('python-ldap') }
@ -152,9 +149,6 @@ describe 'keystone::ldap' do
is_expected.to contain_keystone_config('ldap/group_desc_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/group_name_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/group_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/group_allow_create').with_value('False')
is_expected.to contain_keystone_config('ldap/group_allow_update').with_value('False')
is_expected.to contain_keystone_config('ldap/group_allow_delete').with_value('False')
is_expected.to contain_keystone_config('ldap/group_additional_attribute_mapping').with_value('')
# referrals