openstack/puppet-keystone
Code Issues Proposed changes

Merge "keystone::ldap: Use $::os_service_default instead of undef"

Browse Source
This commit is contained in:
Zuul 2022-03-30 07:06:56 +00:00 committed by Gerrit Code Review
commit 9ded22a500
1 changed files with 83 additions and 82 deletions

165
manifests/ldap.pp

@ -6,59 +6,60 @@
# #
# [*url*] # [*url*]
# URL for connecting to the LDAP server. (string value) # URL for connecting to the LDAP server. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user*] # [*user*]
# User BindDN to query the LDAP server. (string value) # User BindDN to query the LDAP server. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*password*] # [*password*]
# Password for the BindDN to query the LDAP server. (string value) # Password for the BindDN to query the LDAP server. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*suffix*] # [*suffix*]
# LDAP server suffix (string value) # LDAP server suffix (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*query_scope*] # [*query_scope*]
# The LDAP scope for queries, this can be either "one" # The LDAP scope for queries, this can be either "one"
# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value) # (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*page_size*] # [*page_size*]
# Maximum results per page; a value of zero ("0") disables paging. (integer value) # Maximum results per page; a value of zero ("0") disables paging. (integer value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_tree_dn*] # [*user_tree_dn*]
# Search base for users. (string value) # Search base for users. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_filter*] # [*user_filter*]
# LDAP search filter for users. (string value) # LDAP search filter for users. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_objectclass*] # [*user_objectclass*]
# LDAP objectclass for users. (string value) # LDAP objectclass for users. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_id_attribute*] # [*user_id_attribute*]
# LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value) # LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_name_attribute*] # [*user_name_attribute*]
# LDAP attribute mapped to user name. (string value) # LDAP attribute mapped to user name. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_description_attribute*] # [*user_description_attribute*]
# LDAP attribute mapped to user description. (string value) # LDAP attribute mapped to user description. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_mail_attribute*] # [*user_mail_attribute*]
# LDAP attribute mapped to user email. (string value) # LDAP attribute mapped to user email. (string value)
# Defaults to $::os_service_default
# #
# [*user_enabled_attribute*] # [*user_enabled_attribute*]
# LDAP attribute mapped to user enabled flag. (string value) # LDAP attribute mapped to user enabled flag. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_enabled_mask*] # [*user_enabled_mask*]
# Bitmask integer to indicate the bit that the enabled value is stored in if # Bitmask integer to indicate the bit that the enabled value is stored in if
@ -66,7 +67,7 @@
# boolean. A value of "0" indicates the mask is not used. If this is not set # boolean. A value of "0" indicates the mask is not used. If this is not set
# to "0" the typical value is "2". This is typically used when # to "0" the typical value is "2". This is typically used when
# "user_enabled_attribute = userAccountControl". (integer value) # "user_enabled_attribute = userAccountControl". (integer value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_enabled_default*] # [*user_enabled_default*]
# Default value to enable users. This should match an appropriate int value # Default value to enable users. This should match an appropriate int value
@ -74,7 +75,7 @@
# is enabled or disabled. If this is not set to "True" the typical value is # is enabled or disabled. If this is not set to "True" the typical value is
# "512". This is typically used when "user_enabled_attribute = # "512". This is typically used when "user_enabled_attribute =
# userAccountControl". (string value) # userAccountControl". (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_enabled_invert*] # [*user_enabled_invert*]
# Invert the meaning of the boolean enabled values. Some LDAP servers use a # Invert the meaning of the boolean enabled values. Some LDAP servers use a
@ -82,30 +83,30 @@
# "user_enabled_invert = true" will allow these lock attributes to be used. # "user_enabled_invert = true" will allow these lock attributes to be used.
# This setting will have no effect if "user_enabled_mask" or # This setting will have no effect if "user_enabled_mask" or
# "user_enabled_emulation" settings are in use. (boolean value) # "user_enabled_emulation" settings are in use. (boolean value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_attribute_ignore*] # [*user_attribute_ignore*]
# List of attributes stripped off the user on update. (list value) # List of attributes stripped off the user on update. (list value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_default_project_id_attribute*] # [*user_default_project_id_attribute*]
# LDAP attribute mapped to default_project_id for users. (string value) # LDAP attribute mapped to default_project_id for users. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_pass_attribute*] # [*user_pass_attribute*]
# LDAP attribute mapped to password. (string value) # LDAP attribute mapped to password. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_enabled_emulation*] # [*user_enabled_emulation*]
# If true, Keystone uses an alternative method to determine if # If true, Keystone uses an alternative method to determine if
# a user is enabled or not by checking if they are a member of # a user is enabled or not by checking if they are a member of
# the "user_enabled_emulation_dn" group. (boolean value) # the "user_enabled_emulation_dn" group. (boolean value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_enabled_emulation_dn*] # [*user_enabled_emulation_dn*]
# DN of the group entry to hold enabled users when using enabled emulation. # DN of the group entry to hold enabled users when using enabled emulation.
# (string value) # (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*user_additional_attribute_mapping*] # [*user_additional_attribute_mapping*]
# List of additional LDAP attributes used for mapping # List of additional LDAP attributes used for mapping
@ -113,74 +114,74 @@
# format is <ldap_attr>:<user_attr>, where ldap_attr is the # format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity # attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value) # API attribute. (list value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_tree_dn*] # [*group_tree_dn*]
# Search base for groups. (string value) # Search base for groups. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_filter*] # [*group_filter*]
# LDAP search filter for groups. (string value) # LDAP search filter for groups. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_objectclass*] # [*group_objectclass*]
# LDAP objectclass for groups. (string value) # LDAP objectclass for groups. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_id_attribute*] # [*group_id_attribute*]
# LDAP attribute mapped to group id. (string value) # LDAP attribute mapped to group id. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_name_attribute*] # [*group_name_attribute*]
# LDAP attribute mapped to group name. (string value) # LDAP attribute mapped to group name. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_member_attribute*] # [*group_member_attribute*]
# LDAP attribute mapped to show group membership. (string value) # LDAP attribute mapped to show group membership. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_members_are_ids*] # [*group_members_are_ids*]
# LDAP attribute when members of the group object class are keystone user IDs. (boolean value) # LDAP attribute when members of the group object class are keystone user IDs. (boolean value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_desc_attribute*] # [*group_desc_attribute*]
# LDAP attribute mapped to group description. (string value) # LDAP attribute mapped to group description. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_attribute_ignore*] # [*group_attribute_ignore*]
# List of attributes stripped off the group on update. (list value) # List of attributes stripped off the group on update. (list value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*group_additional_attribute_mapping*] # [*group_additional_attribute_mapping*]
# Additional attribute mappings for groups. Attribute mapping # Additional attribute mappings for groups. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the # format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity # attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value) # API attribute. (list value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*chase_referrals*] # [*chase_referrals*]
# Whether or not to chase returned referrals. (boolean value) # Whether or not to chase returned referrals. (boolean value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*use_tls*] # [*use_tls*]
# Enable TLS for communicating with LDAP servers. (boolean value) # Enable TLS for communicating with LDAP servers. (boolean value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*tls_cacertfile*] # [*tls_cacertfile*]
# CA certificate file path for communicating with LDAP servers. (string value) # CA certificate file path for communicating with LDAP servers. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*tls_cacertdir*] # [*tls_cacertdir*]
# CA certificate directory path for communicating with LDAP servers. (string value) # CA certificate directory path for communicating with LDAP servers. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*tls_req_cert*] # [*tls_req_cert*]
# Valid options for tls_req_cert are demand, never, and allow. (string value) # Valid options for tls_req_cert are demand, never, and allow. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*identity_driver*] # [*identity_driver*]
# Identity backend driver. (string value) # Identity backend driver. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*use_pool*] # [*use_pool*]
# Enable LDAP connection pooling. (boolean value) # Enable LDAP connection pooling. (boolean value)
@ -221,11 +222,11 @@
# #
# [*credential_driver*] # [*credential_driver*]
# Credential backend driver. (string value) # Credential backend driver. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*assignment_driver*] # [*assignment_driver*]
# Assignment backend driver. (string value) # Assignment backend driver. (string value)
# Defaults to 'undef' # Defaults to $::os_service_default
# #
# [*package_ensure*] # [*package_ensure*]
# (optional) Desired ensure state of packages. # (optional) Desired ensure state of packages.
@ -247,47 +248,47 @@
# Copyright 2012 Puppetlabs Inc, unless otherwise noted. # Copyright 2012 Puppetlabs Inc, unless otherwise noted.
# #
class keystone::ldap( class keystone::ldap(
$url = undef, $url = $::os_service_default,
$user = undef, $user = $::os_service_default,
$password = undef, $password = $::os_service_default,
$suffix = undef, $suffix = $::os_service_default,
$query_scope = undef, $query_scope = $::os_service_default,
$page_size = undef, $page_size = $::os_service_default,
$user_tree_dn = undef, $user_tree_dn = $::os_service_default,
$user_filter = undef, $user_filter = $::os_service_default,
$user_objectclass = undef, $user_objectclass = $::os_service_default,
$user_id_attribute = undef, $user_id_attribute = $::os_service_default,
$user_name_attribute = undef, $user_name_attribute = $::os_service_default,
$user_description_attribute = undef, $user_description_attribute = $::os_service_default,
$user_mail_attribute = undef, $user_mail_attribute = $::os_service_default,
$user_enabled_attribute = undef, $user_enabled_attribute = $::os_service_default,
$user_enabled_mask = undef, $user_enabled_mask = $::os_service_default,
$user_enabled_default = undef, $user_enabled_default = $::os_service_default,
$user_enabled_invert = undef, $user_enabled_invert = $::os_service_default,
$user_attribute_ignore = undef, $user_attribute_ignore = $::os_service_default,
$user_default_project_id_attribute = undef, $user_default_project_id_attribute = $::os_service_default,
$user_pass_attribute = undef, $user_pass_attribute = $::os_service_default,
$user_enabled_emulation = undef, $user_enabled_emulation = $::os_service_default,
$user_enabled_emulation_dn = undef, $user_enabled_emulation_dn = $::os_service_default,
$user_additional_attribute_mapping = undef, $user_additional_attribute_mapping = $::os_service_default,
$group_tree_dn = undef, $group_tree_dn = $::os_service_default,
$group_filter = undef, $group_filter = $::os_service_default,
$group_objectclass = undef, $group_objectclass = $::os_service_default,
$group_id_attribute = undef, $group_id_attribute = $::os_service_default,
$group_name_attribute = undef, $group_name_attribute = $::os_service_default,
$group_member_attribute = undef, $group_member_attribute = $::os_service_default,
$group_members_are_ids = undef, $group_members_are_ids = $::os_service_default,
$group_desc_attribute = undef, $group_desc_attribute = $::os_service_default,
$group_attribute_ignore = undef, $group_attribute_ignore = $::os_service_default,
$group_additional_attribute_mapping = undef, $group_additional_attribute_mapping = $::os_service_default,
$chase_referrals = undef, $chase_referrals = $::os_service_default,
$use_tls = undef, $use_tls = $::os_service_default,
$tls_cacertdir = undef, $tls_cacertdir = $::os_service_default,
$tls_cacertfile = undef, $tls_cacertfile = $::os_service_default,
$tls_req_cert = undef, $tls_req_cert = $::os_service_default,
$identity_driver = undef, $identity_driver = $::os_service_default,
$assignment_driver = undef, $assignment_driver = $::os_service_default,
$credential_driver = undef, $credential_driver = $::os_service_default,
$use_pool = true, $use_pool = true,
$pool_size = 10, $pool_size = 10,
$pool_retry_max = 3, $pool_retry_max = 3,
@ -311,7 +312,7 @@ class keystone::ldap(
}) })
} }
if ($tls_cacertdir != undef) { if ! is_service_default($tls_cacertdir) {
file { $tls_cacertdir: file { $tls_cacertdir:
ensure => directory ensure => directory
} }