Merge "Add a trigger to call ldap_backend define"

manifests/profile/base/keystone.pp

@@ -59,6 +59,15 @@
 #   heat admin user name
 #   Defaults to undef
 #
+# [*ldap_backends_config*]
+#   Configuration for keystone::ldap_backend. This takes a hash that will
+#   create each backend specified.
+#   Defaults to undef
+#
+# [*ldap_backend_enable*]
+#   Enables creating per-domain LDAP backends for keystone.
+#   Default to false
+#
 # [*manage_db_purge*]
 #   (Optional) Whether keystone token flushing should be enabled
 #   Defaults to hiera('keystone_enable_db_purge', true)
@@ -126,6 +135,8 @@ class tripleo::profile::base::keystone (
   $heat_admin_email              = undef,
   $heat_admin_password           = undef,
   $heat_admin_user               = undef,
+  $ldap_backends_config          = undef,
+  $ldap_backend_enable           = false,
   $manage_db_purge               = hiera('keystone_enable_db_purge', true),
   $public_endpoint_network       = hiera('keystone_public_api_network', undef),
   $oslomsg_rpc_proto             = hiera('messaging_rpc_service_name', 'rabbit'),
@@ -207,6 +218,11 @@ class tripleo::profile::base::keystone (
       ssl_key_admin  => $tls_keyfile_admin,
     }
     include ::keystone::cors
+
+    if $ldap_backend_enable {
+      validate_hash($ldap_backends_config)
+      create_resources('::keystone::ldap_backend', $ldap_backends_config)
+    }
   }
 
   if $step >= 4 and $manage_db_purge {

releasenotes/notes/add-ldap-backend-48e875e971343e2a.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Add keystone::ldap_backend call as resource when is trigged to setup a LDAP
+    backend as keystone domain. This allows per-domain LDAP backends for
+    keystone.