This patch fixes package name of python-ldappool and python-pysaml2,
so that correct package names, python3-*, are used in OSs which use
Python3 as the default Python.
Change-Id: I0dc5dd487996307811edd177d13d6d5ac8f841ee
After this it's only the keystone init class and the
keystone ldap backend definition left.
puppet-keystone is the last module then everything
is using rspec-puppet-facts.
Change-Id: I3d22478a6d3f9feeacfa7d6ca9c728f9f9f2b361
Enable this option if the members of the group
object class are keystone user IDs rather than LDAP DNs.
This is the case when using posixGroup as the group object
class in Open Directory.
Closes-Bug: #1805801
Change-Id: I46ec675fb959c5d1b8f9cbf300e480026e803a66
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
When puppet runs it will try to install python-ldap and
python-ldappool. Each run will install one or the other
due to the other package settings telling the package
manager to uninstall it.
Change-Id: I13a0af479dcac45ff77685f5eccfb865f7dab0f5
Closes-Bug: #1709519
group_allow_* options for ldap are deprecated in Keystone.
Setting these will now have no effect and these will be
removed as parameters in a future release.
Change-Id: Iac8a33c0d9babdf9e5bfa32ed0fa78d0aa8c7571
Closes-Bug: #1658326
These options are deprecated in keystone and setting them either true or
false will produce a warning in Keystone.
Change-Id: Icab0d0dd5558cfb03e0a9cef738beb26d9245269
python-ldap follows/chases referrals with anonymous access but
this is disabled by default in Active Directory. There is an
argument to set this to default to disabled but for the moment
just present an option for the user to choose.
For further information see:
https://access.redhat.com/solutions/2309891
Change-Id: I83ff3186ecced663a30a028e153f9259427fa13d
Signed-off-by: Christopher Brown <snecklifter@gmail.com>
In some instances you may not want this module managing the LDAP
packages, so we'll wrap it with a conditional that defaults to the old
behavior.
Change-Id: Ib1b401178facf364a6a62e4ca00084c56d0ecc4d
Instead of using long backend/drivers name, use short name and stevedore
will load plugins for us.
It will prevent this kind of message in logs:
Failed to load 'keystone.catalog.backends.sql.Catalog' using stevedore:
No 'keystone.catalog' driver found,
Also cleanup unit and functional tests that were setting wrong
credential & assignment drivers.
Change-Id: Id3b8ed63ef9a821eba5374af7ed0fd1c8d755e09
Remove value test for ldap/project_filter and
ldap/project_attribute_ignore (the value is undef), and the comportment
is different between puppet3.x and puppet4.x (.with_value(nil) and
.with_value('')).
This patch also updates RSpec 3.x matcher in order to remove deprecation
warnings (in unit spec/unit/provider/keystone_spec.rb).
Closes-bug: #1447620
Change-Id: Ib7118375d2ef72de045ece515fa611bdd3dda8e4
Like it's the case for 'identity', add the support to configure
'credential' driver.
Closes-bug: #1238103
Change-Id: I9949dcb863c23461ce5fbe5e741d09a6a77eea9a
This patch aims to update our specs test in order to work with the
rspec-puppet release 2.0.0, in the meantime, we update rspec syntax in
order to be prepared for rspec 3.x move.
In detail:
* Use shared_examples "a Puppet::Error" for puppet::error tests
* Convert 'should' keyword to 'is_expected.to' (prepare rspec 3.x)
* Fix spec tests for rspec-puppet 2.0.0
* Upgrade and pin rspec-puppet from 1.0.1 to 2.0.0
* Clean Gemfile (remove over-specification of runtime deps of puppetlabs_spec_helper)
* Standardize gemfile (add json, webmock)
Change-Id: I35a39d4f3919d56c9448f0a0602cfe284ebc2e9c
Card: https://trello.com/c/eHXc1Ryd/4-investigate-the-necessary-change-to-be-rspec-puppet-2-0-0-compliant
LDAP connection pools allow for increased LDAP performance by
maintaining a connection pool. Documentation on configuration is
available here:
http://docs.openstack.org/developer/keystone/configuration.html
Change-Id: I6376e8ca5fffa7e04774fa1fa81709f7eaae3b4a
The ldap backend has a new parameter called user_enabled_invert.
This should be supported by puppet.
Closes-Bug: #1383779
Change-Id: I6d10408b15fa56610e25b37d3962067e8361da5c
- The same attribute was mistakenly written to incorrect fields
- A few tenant_ attributes were missing
- The test was incomplete
- The tenant_mail_attribute was mistakenly included, it doesn't exist
Change-Id: I57a05bce9b9246036f586bc80bc0b0c7f8b4694a
Adding full support for integrating Keystone via LDAP. Enables
support for managing all LDAP related Keystone options.
- Add two examples of LDAP configuration, although LDAP environments
are highly variable, these will help get everyone started
- Modify the keystone::ldap class to support all LDAP related options
- Check sane defaults in the keystone::ldap class to hopefully reduce mistakes
- Add a dependency on the python-ldap package
- Modify the LDAP test to match the new class
- Make the default-tenant optional since some LDAP backends do not
support this
Change-Id: Ie6879eb4816fd2b906f72cac8deb3b62bd4b2430