Enable creating the domain for LDAP backends

this enables the creation of the actual keystone domain if the configuration is created (via the ldap_backend resource). This is done with the flag create_domain_entry which is false by default. Change-Id: Ib6c633b6a975e4b760c10a2aef3c252885b05e28
2017-04-06 15:02:42 +03:00 · 2017-04-06 15:02:42 +03:00 · d7bc6907d3
commit d7bc6907d3
parent 127b42c570
3 changed files with 41 additions and 0 deletions
--- a/manifests/ldap_backend.pp
+++ b/manifests/ldap_backend.pp
@ -373,6 +373,11 @@
 #   LDAP support packages.
 #   Defaults to true.
 #
+# [*create_domain_entry*]
+#   (optional) Creates the domain in keystone via a keystone_domain resource
+#   and attempts to refresh the kesytone service.
+#   Defaults to false.
+#
 # === DEPRECATED group/name
 #
 # == Dependencies
@ -461,6 +466,7 @@ define keystone::ldap_backend(
  $auth_pool_connection_lifetime       = 60,
  $package_ensure                      = present,
  $manage_packages                     = true,
+  $create_domain_entry                 = false,
 ) {

  include ::keystone::deps
@ -582,4 +588,13 @@ and \"${domain_dir_enabled}\" for identity/domain_config_dir"
    "${domain}::credential/driver":                         value => $credential_driver;
    "${domain}::assignment/driver":                         value => $assignment_driver;
  }
+
+  if $create_domain_entry {
+    keystone_domain { $domain :
+      ensure  => 'present',
+      enabled => true,
+      tag     => 'domain-specific-ldap'
+    }
+    Keystone_domain[$domain] ~> Exec<| title == 'restart_keystone' |>
+  }
 }
--- a/releasenotes/notes/Create-domain-on-ldap_backend-resource-ac3cc85bc101883e.yaml
+++ b/releasenotes/notes/Create-domain-on-ldap_backend-resource-ac3cc85bc101883e.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - The flag 'create_domain_entry' was added to the 'keystone::ldap_backend'
+    resource. It defaults to false. But, if set to true, it will create the
+    domain in keystone and will attempt to refresh the keystone server. Note
+    that in order for the keystone server to be refreshed, the 'manage_service'
+    and 'enabled' flags need to be set in the base ::keystone module.
--- a/spec/defines/keystone_ldap_backend_spec.rb
+++ b/spec/defines/keystone_ldap_backend_spec.rb
@ -5,6 +5,11 @@ describe 'keystone::ldap_backend' do
    let(:title) { 'Default' }
    let(:pre_condition) do
      <<-EOM
+      exec { 'restart_keystone':
+        path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'],
+        command     => "service ${service_name_real} restart",
+        refreshonly => true,
+      }
      keystone_config {'identity/domain_specific_drivers_enabled': value => true}
      keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
      file {'/etc/keystone/keystone.conf': ensure => present }
@ -195,6 +200,20 @@ describe 'keystone::ldap_backend' do
        # drivers
        is_expected.to contain_keystone_domain_config('Default::identity/driver').with_value('ldap')
      end
+
+      context 'with keystone domain creation enabled' do
+        before do
+          params.merge! ({
+            :create_domain_entry => true
+          })
+        end
+        it 'creates the keystone domain and refreshes the service' do
+          is_expected.to contain_keystone_domain(title).with(
+            :ensure  => 'present',
+            :enabled => true
+          )
+        end
+      end
    end
  end