openstack/puppet-keystone
Code Issues Proposed changes

Add user_description_attribute option

Browse Source 
Adds user_description_attribute mapping support to the LDAP backend

Change-Id: Ibf14f741f95febac5f5e857a73690477e2739f55
Closes-Bug: #1736912
This commit is contained in:
ZhongShengping 2018-01-02 10:55:53 +08:00
parent 0326936e4e
commit a55b9e4efe
5 changed files with 184 additions and 164 deletions

6
manifests/ldap.pp

@ -49,6 +49,10 @@
# LDAP attribute mapped to user name. (string value)
# Defaults to 'undef'
#
# [*user_description_attribute*]
# LDAP attribute mapped to user description. (string value)
# Defaults to 'undef'
#
# [*user_mail_attribute*]
# LDAP attribute mapped to user email. (string value)
#
@ -395,6 +399,7 @@ class keystone::ldap(
$user_objectclass = undef,
$user_id_attribute = undef,
$user_name_attribute = undef,
$user_description_attribute = undef,
$user_mail_attribute = undef,
$user_enabled_attribute = undef,
$user_enabled_mask = undef,
@ -505,6 +510,7 @@ class keystone::ldap(
'ldap/user_objectclass': value => $user_objectclass;
'ldap/user_id_attribute': value => $user_id_attribute;
'ldap/user_name_attribute': value => $user_name_attribute;
'ldap/user_description_attribute': value => $user_description_attribute;
'ldap/user_mail_attribute': value => $user_mail_attribute;
'ldap/user_enabled_attribute': value => $user_enabled_attribute;
'ldap/user_enabled_mask': value => $user_enabled_mask;

176
manifests/ldap_backend.pp

@ -52,6 +52,10 @@
# LDAP attribute mapped to user name. (string value)
# Defaults to 'undef'
#
# [*user_description_attribute*]
# LDAP attribute mapped to user description. (string value)
# Defaults to 'undef'
#
# [*user_mail_attribute*]
# LDAP attribute mapped to user email. (string value)
#
@ -388,91 +392,92 @@
# == Dependencies
# == Examples
define keystone::ldap_backend(
$url = undef,
$user = undef,
$password = undef,
$suffix = undef,
$query_scope = undef,
$page_size = undef,
$user_tree_dn = undef,
$user_filter = undef,
$user_objectclass = undef,
$user_id_attribute = undef,
$user_name_attribute = undef,
$user_mail_attribute = undef,
$user_enabled_attribute = undef,
$user_enabled_mask = undef,
$user_enabled_default = undef,
$user_enabled_invert = undef,
$user_attribute_ignore = undef,
$user_default_project_id_attribute = undef,
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
$user_pass_attribute = undef,
$user_enabled_emulation = undef,
$user_enabled_emulation_dn = undef,
$user_additional_attribute_mapping = undef,
$project_tree_dn = undef,
$project_filter = undef,
$project_objectclass = undef,
$project_id_attribute = undef,
$project_member_attribute = undef,
$project_desc_attribute = undef,
$project_name_attribute = undef,
$project_enabled_attribute = undef,
$project_domain_id_attribute = undef,
$project_attribute_ignore = undef,
$project_allow_create = undef,
$project_allow_update = undef,
$project_allow_delete = undef,
$project_enabled_emulation = undef,
$project_enabled_emulation_dn = undef,
$project_additional_attribute_mapping= undef,
$role_tree_dn = undef,
$role_filter = undef,
$role_objectclass = undef,
$role_id_attribute = undef,
$role_name_attribute = undef,
$role_member_attribute = undef,
$role_attribute_ignore = undef,
$role_allow_create = undef,
$role_allow_update = undef,
$role_allow_delete = undef,
$role_additional_attribute_mapping = undef,
$group_tree_dn = undef,
$group_filter = undef,
$group_objectclass = undef,
$group_id_attribute = undef,
$group_name_attribute = undef,
$group_member_attribute = undef,
$group_desc_attribute = undef,
$group_attribute_ignore = undef,
$group_allow_create = undef,
$group_allow_update = undef,
$group_allow_delete = undef,
$group_additional_attribute_mapping = undef,
$group_ad_nesting = undef,
$chase_referrals = undef,
$use_tls = undef,
$tls_cacertdir = undef,
$tls_cacertfile = undef,
$tls_req_cert = undef,
$identity_driver = 'ldap',
$assignment_driver = undef,
$credential_driver = undef,
$use_pool = false,
$pool_size = 10,
$pool_retry_max = 3,
$pool_retry_delay = 0.1,
$pool_connection_timeout = -1,
$pool_connection_lifetime = 600,
$use_auth_pool = false,
$auth_pool_size = 100,
$auth_pool_connection_lifetime = 60,
$package_ensure = present,
$manage_packages = true,
$create_domain_entry = false,
$url = undef,
$user = undef,
$password = undef,
$suffix = undef,
$query_scope = undef,
$page_size = undef,
$user_tree_dn = undef,
$user_filter = undef,
$user_objectclass = undef,
$user_id_attribute = undef,
$user_name_attribute = undef,
$user_description_attribute = undef,
$user_mail_attribute = undef,
$user_enabled_attribute = undef,
$user_enabled_mask = undef,
$user_enabled_default = undef,
$user_enabled_invert = undef,
$user_attribute_ignore = undef,
$user_default_project_id_attribute = undef,
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
$user_pass_attribute = undef,
$user_enabled_emulation = undef,
$user_enabled_emulation_dn = undef,
$user_additional_attribute_mapping = undef,
$project_tree_dn = undef,
$project_filter = undef,
$project_objectclass = undef,
$project_id_attribute = undef,
$project_member_attribute = undef,
$project_desc_attribute = undef,
$project_name_attribute = undef,
$project_enabled_attribute = undef,
$project_domain_id_attribute = undef,
$project_attribute_ignore = undef,
$project_allow_create = undef,
$project_allow_update = undef,
$project_allow_delete = undef,
$project_enabled_emulation = undef,
$project_enabled_emulation_dn = undef,
$project_additional_attribute_mapping = undef,
$role_tree_dn = undef,
$role_filter = undef,
$role_objectclass = undef,
$role_id_attribute = undef,
$role_name_attribute = undef,
$role_member_attribute = undef,
$role_attribute_ignore = undef,
$role_allow_create = undef,
$role_allow_update = undef,
$role_allow_delete = undef,
$role_additional_attribute_mapping = undef,
$group_tree_dn = undef,
$group_filter = undef,
$group_objectclass = undef,
$group_id_attribute = undef,
$group_name_attribute = undef,
$group_member_attribute = undef,
$group_desc_attribute = undef,
$group_attribute_ignore = undef,
$group_allow_create = undef,
$group_allow_update = undef,
$group_allow_delete = undef,
$group_additional_attribute_mapping = undef,
$group_ad_nesting = undef,
$chase_referrals = undef,
$use_tls = undef,
$tls_cacertdir = undef,
$tls_cacertfile = undef,
$tls_req_cert = undef,
$identity_driver = 'ldap',
$assignment_driver = undef,
$credential_driver = undef,
$use_pool = false,
$pool_size = 10,
$pool_retry_max = 3,
$pool_retry_delay = 0.1,
$pool_connection_timeout = -1,
$pool_connection_lifetime = 600,
$use_auth_pool = false,
$auth_pool_size = 100,
$auth_pool_connection_lifetime = 60,
$package_ensure = present,
$manage_packages = true,
$create_domain_entry = false,
) {
include ::keystone::deps
@ -522,6 +527,7 @@ and \"${domain_dir_enabled}\" for identity/domain_config_dir"
"${domain}::ldap/user_objectclass": value => $user_objectclass;
"${domain}::ldap/user_id_attribute": value => $user_id_attribute;
"${domain}::ldap/user_name_attribute": value => $user_name_attribute;
"${domain}::ldap/user_description_attribute": value => $user_description_attribute;
"${domain}::ldap/user_mail_attribute": value => $user_mail_attribute;
"${domain}::ldap/user_enabled_attribute": value => $user_enabled_attribute;
"${domain}::ldap/user_enabled_mask": value => $user_enabled_mask;

4
releasenotes/notes/add_user_description_attribute-1875a124def9723f.yaml Normal file

@ -0,0 +1,4 @@
---
features:
- Adds user_description_attribute mapping support to the
LDAP backend.

2
spec/classes/keystone_ldap_spec.rb

@ -15,6 +15,7 @@ describe 'keystone::ldap' do
:user_objectclass => 'inetUser',
:user_id_attribute => 'uid',
:user_name_attribute => 'cn',
:user_description_attribute => 'description',
:user_mail_attribute => 'mail',
:user_enabled_attribute => 'UserAccountControl',
:user_enabled_mask => '2',
@ -95,6 +96,7 @@ describe 'keystone::ldap' do
is_expected.to contain_keystone_config('ldap/user_objectclass').with_value('inetUser')
is_expected.to contain_keystone_config('ldap/user_id_attribute').with_value('uid')
is_expected.to contain_keystone_config('ldap/user_name_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/user_description_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/user_mail_attribute').with_value('mail')
is_expected.to contain_keystone_config('ldap/user_enabled_attribute').with_value('UserAccountControl')
is_expected.to contain_keystone_config('ldap/user_enabled_mask').with_value('2')

160
spec/defines/keystone_ldap_backend_spec.rb

@ -18,86 +18,87 @@ describe 'keystone::ldap_backend' do
describe 'with basic params' do
let :params do
{
:url => 'ldap://foo',
:user => 'cn=foo,dc=example,dc=com',
:password => 'abcdefg',
:suffix => 'dc=example,dc=com',
:query_scope => 'sub',
:page_size => '50',
:user_tree_dn => 'cn=users,dc=example,dc=com',
:user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)',
:user_objectclass => 'inetUser',
:user_id_attribute => 'uid',
:user_name_attribute => 'cn',
:user_mail_attribute => 'mail',
:user_enabled_attribute => 'UserAccountControl',
:user_enabled_mask => '2',
:user_enabled_default => '512',
:user_enabled_invert => 'False',
:user_attribute_ignore => '',
:user_default_project_id_attribute => 'defaultProject',
:user_allow_create => 'False',
:user_allow_update => 'False',
:user_allow_delete => 'False',
:user_pass_attribute => 'krbPassword',
:user_enabled_emulation => 'True',
:user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com',
:user_additional_attribute_mapping => 'description:name, gecos:name',
:project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com',
:project_filter => '',
:project_objectclass => 'organizationalUnit',
:project_id_attribute => 'ou',
:project_member_attribute => 'member',
:project_desc_attribute => 'description',
:project_name_attribute => 'ou',
:project_enabled_attribute => 'enabled',
:project_domain_id_attribute => 'businessCategory',
:project_attribute_ignore => '',
:project_allow_create => 'True',
:project_allow_update => 'True',
:project_allow_delete => 'True',
:project_enabled_emulation => 'False',
:project_enabled_emulation_dn => 'True',
:url => 'ldap://foo',
:user => 'cn=foo,dc=example,dc=com',
:password => 'abcdefg',
:suffix => 'dc=example,dc=com',
:query_scope => 'sub',
:page_size => '50',
:user_tree_dn => 'cn=users,dc=example,dc=com',
:user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)',
:user_objectclass => 'inetUser',
:user_id_attribute => 'uid',
:user_name_attribute => 'cn',
:user_description_attribute => 'description',
:user_mail_attribute => 'mail',
:user_enabled_attribute => 'UserAccountControl',
:user_enabled_mask => '2',
:user_enabled_default => '512',
:user_enabled_invert => 'False',
:user_attribute_ignore => '',
:user_default_project_id_attribute => 'defaultProject',
:user_allow_create => 'False',
:user_allow_update => 'False',
:user_allow_delete => 'False',
:user_pass_attribute => 'krbPassword',
:user_enabled_emulation => 'True',
:user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com',
:user_additional_attribute_mapping => 'description:name, gecos:name',
:project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com',
:project_filter => '',
:project_objectclass => 'organizationalUnit',
:project_id_attribute => 'ou',
:project_member_attribute => 'member',
:project_desc_attribute => 'description',
:project_name_attribute => 'ou',
:project_enabled_attribute => 'enabled',
:project_domain_id_attribute => 'businessCategory',
:project_attribute_ignore => '',
:project_allow_create => 'True',
:project_allow_update => 'True',
:project_allow_delete => 'True',
:project_enabled_emulation => 'False',
:project_enabled_emulation_dn => 'True',
:project_additional_attribute_mapping => 'cn=enabled,ou=openstack,dc=example,dc=com',
:role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com',
:role_filter => '',
:role_objectclass => 'organizationalRole',
:role_id_attribute => 'cn',
:role_name_attribute => 'ou',
:role_member_attribute => 'roleOccupant',
:role_attribute_ignore => 'description',
:role_allow_create => 'True',
:role_allow_update => 'True',
:role_allow_delete => 'True',
:role_additional_attribute_mapping => '',
:group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com',
:group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com',
:group_objectclass => 'organizationalRole',
:group_id_attribute => 'cn',
:group_name_attribute => 'cn',
:group_member_attribute => 'roleOccupant',
:group_desc_attribute => 'description',
:group_attribute_ignore => '',
:group_allow_create => 'False',
:group_allow_update => 'False',
:group_allow_delete => 'False',
:group_additional_attribute_mapping => '',
:group_ad_nesting => 'True',
:chase_referrals => 'False',
:use_tls => 'False',
:tls_cacertdir => '/etc/ssl/certs/',
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
:tls_req_cert => 'demand',
:identity_driver => 'ldap',
:use_pool => 'True',
:pool_size => 20,
:pool_retry_max => 2,
:pool_retry_delay => 0.2,
:pool_connection_timeout => 222,
:pool_connection_lifetime => 222,
:use_auth_pool => 'True',
:auth_pool_size => 20,
:auth_pool_connection_lifetime => 200,
:role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com',
:role_filter => '',
:role_objectclass => 'organizationalRole',
:role_id_attribute => 'cn',
:role_name_attribute => 'ou',
:role_member_attribute => 'roleOccupant',
:role_attribute_ignore => 'description',
:role_allow_create => 'True',
:role_allow_update => 'True',
:role_allow_delete => 'True',
:role_additional_attribute_mapping => '',
:group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com',
:group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com',
:group_objectclass => 'organizationalRole',
:group_id_attribute => 'cn',
:group_name_attribute => 'cn',
:group_member_attribute => 'roleOccupant',
:group_desc_attribute => 'description',
:group_attribute_ignore => '',
:group_allow_create => 'False',
:group_allow_update => 'False',
:group_allow_delete => 'False',
:group_additional_attribute_mapping => '',
:group_ad_nesting => 'True',
:chase_referrals => 'False',
:use_tls => 'False',
:tls_cacertdir => '/etc/ssl/certs/',
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
:tls_req_cert => 'demand',
:identity_driver => 'ldap',
:use_pool => 'True',
:pool_size => 20,
:pool_retry_max => 2,
:pool_retry_delay => 0.2,
:pool_connection_timeout => 222,
:pool_connection_lifetime => 222,
:use_auth_pool => 'True',
:auth_pool_size => 20,
:auth_pool_connection_lifetime => 200,
}
end
it { is_expected.to contain_package('python-ldappool') }
@ -116,6 +117,7 @@ describe 'keystone::ldap_backend' do
is_expected.to contain_keystone_domain_config('Default::ldap/user_objectclass').with_value('inetUser')
is_expected.to contain_keystone_domain_config('Default::ldap/user_id_attribute').with_value('uid')
is_expected.to contain_keystone_domain_config('Default::ldap/user_name_attribute').with_value('cn')
is_expected.to contain_keystone_domain_config('Default::ldap/user_description_attribute').with_value('description')
is_expected.to contain_keystone_domain_config('Default::ldap/user_mail_attribute').with_value('mail')
is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_attribute').with_value('UserAccountControl')
is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_mask').with_value('2')