Add a trigger to call ldap_backend define
Ldap_backend is a define so we need a resource to talk it. If ldap_backend_enable set by tripleo-heat-templates, we call the ldap_backend as a resource. Given an environment such as the following: parameter_defaults: KeystoneLdapDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. Partial-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Co-Authored-By: Guillaume Coré <gucore@redhat.com> Signed-off-by: Cyril Lopez <cylopez@redhat.com> Change-Id: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
This commit is contained in:
parent
6f19cb59f3
commit
b8388e378a
|
@ -59,6 +59,15 @@
|
|||
# heat admin user name
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*ldap_backends_config*]
|
||||
# Configuration for keystone::ldap_backend. This takes a hash that will
|
||||
# create each backend specified.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*ldap_backend_enable*]
|
||||
# Enables creating per-domain LDAP backends for keystone.
|
||||
# Default to false
|
||||
#
|
||||
# [*manage_db_purge*]
|
||||
# (Optional) Whether keystone token flushing should be enabled
|
||||
# Defaults to hiera('keystone_enable_db_purge', true)
|
||||
|
@ -126,6 +135,8 @@ class tripleo::profile::base::keystone (
|
|||
$heat_admin_email = undef,
|
||||
$heat_admin_password = undef,
|
||||
$heat_admin_user = undef,
|
||||
$ldap_backends_config = undef,
|
||||
$ldap_backend_enable = false,
|
||||
$manage_db_purge = hiera('keystone_enable_db_purge', true),
|
||||
$public_endpoint_network = hiera('keystone_public_api_network', undef),
|
||||
$oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
|
||||
|
@ -207,6 +218,11 @@ class tripleo::profile::base::keystone (
|
|||
ssl_key_admin => $tls_keyfile_admin,
|
||||
}
|
||||
include ::keystone::cors
|
||||
|
||||
if $ldap_backend_enable {
|
||||
validate_hash($ldap_backends_config)
|
||||
create_resources('::keystone::ldap_backend', $ldap_backends_config)
|
||||
}
|
||||
}
|
||||
|
||||
if $step >= 4 and $manage_db_purge {
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- Add keystone::ldap_backend call as resource when is trigged to setup a LDAP
|
||||
backend as keystone domain. This allows per-domain LDAP backends for
|
||||
keystone.
|
Loading…
Reference in New Issue