Merge lp:~heut2008/charms/trusty/keystone/ldap-support into lp:~openstack-charmers-archive/charms/trusty/keystone/next

Proposed by Yaguang Tang
Status: Merged
Approved by: Edward Hope-Morley
Approved revision: 68
Merged at revision: 75
Proposed branch: lp:~heut2008/charms/trusty/keystone/ldap-support
Merge into: lp:~openstack-charmers-archive/charms/trusty/keystone/next
Diff against target: 123 lines (+79/-1)
3 files modified
config.yaml (+32/-0)
hooks/keystone_context.py (+13/-0)
templates/icehouse/keystone.conf (+34/-1)
To merge this branch: bzr merge lp:~heut2008/charms/trusty/keystone/ldap-support
Reviewer Review Type Date Requested Status
Edward Hope-Morley Approve
OpenStack Charmers Pending
Review via email: mp+230428@code.launchpad.net

This proposal supersedes a proposal from 2014-08-12.

Edward Hope-Morley (hopem) wrote :

LGTM

review: Approve

Preview Diff

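--- a/config.yaml
+++ b/config.yaml
@@ -89,6 +89,38 @@
 description: |
 By default, all services will log into their corresponding log files.
 Setting this to True will force all services to log to the syslog.
+ identity-backend:
+ type: string
+ default: "sql"
+ description: "Keystone identity backend, valid options are:sql,ldap,kvs,pam"
+ assignment-backend:
+ type: string
+ default: "sql"
+ description: "Keystone assignment backend, valid options are sql,ldap,kvs"
+ ldap-server:
+ type: string
+ default: None
+ description: "Ldap server address for keystone identity backend"
+ ldap-user:
+ type: string
+ default: None
+ description: "Username of the ldap identity server"
+ ldap-password:
+ type: string
+ default: None
+ description: "Password of the ldap identity server"
+ ldap-suffix:
+ type: string
+ default: None
+ description: "Ldap server suffix to be used by keystone"
+ ldap-config-flags:
+ type: string
+ default: None
+ description: "comma sperated options for ldap configuration"
+ ldap-readonly:
+ type: boolean
+ default: True
+ description: "Ldap identity server backend readonly to keystone"
 # HA configuration settings
 vip:
 type: string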
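Review bot: `default: None` on the five `ldap-*` string options is not a null in YAML; it parses as the literal string `None`, so an operator who switches `identity-backend` to `ldap` and leaves one of them unset would get `url = None` or `password = None` rendered instead of a missing value. Leaving `default:` empty (or using `""`) keeps "unset" distinguishable from "set". `ldap-password` is also an ordinary string option, so it is presumably readable by anyone who can read the service's configuration; the description should say so, and the `ldap-server` description should state the expected URL form, e.g. `"LDAP server URL for the keystone identity backend, e.g. ldaps://ldap.example.com"`.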
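--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -101,6 +101,19 @@
 ctxt['public_port'] = determine_api_port(api_port('keystone-public'))
 ctxt['debug'] = config('debug') in ['yes', 'true', 'True']
 ctxt['verbose'] = config('verbose') in ['yes', 'true', 'True']
+ ctxt['identity_backend'] = config('identity-backend')
+ ctxt['assignment_backend'] = config('assignment-backend')
+ if config('identity-backend') == 'ldap':
+ ctxt['ldap_server'] = config('ldap-server')
+ ctxt['ldap_user'] = config('ldap-user')
+ ctxt['ldap_password'] = config('ldap-password')
+ ctxt['ldap_suffix'] = config('ldap-suffix')
+ ctxt['ldap_readonly'] = config('ldap-readonly')
+ ldap_flags = config('ldap-config-flags')
+ if ldap_flags:
+ flags = context.config_flags_parser(ldap_flags)
+ ctxt['ldap_config_flags'] = flags
+
 if config('enable-pki') not in ['false', 'False', 'no', 'No']:
 ctxt['signing'] = True
 return ctxt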
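Review bot: `identity-backend` and `assignment-backend` are copied into the context unchecked, and the template interpolates them into the driver's dotted import path, so any value outside the set listed in config.yaml ends up as a module name Keystone will try to load. A membership test before the assignment, e.g. `if config('identity-backend') not in ('sql', 'ldap', 'kvs', 'pam'):` followed by an error log and an early failure, would keep a typo or unexpected string out of keystone.conf. The `ldap` branch likewise does not check that `ldap-server`, `ldap-user`, `ldap-password` and `ldap-suffix` are actually set, and `ldap-config-flags` admits arbitrary keys into the `[ldap]` section, including ones the template writes itself. The enclosing method starts above this hunk.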
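--- a/templates/icehouse/keystone.conf
+++ b/templates/icehouse/keystone.conf
@@ -21,7 +21,7 @@
 idle_timeout = 200
 
 [identity]
-driver = keystone.identity.backends.sql.Identity
+driver = keystone.identity.backends.{{ identity_backend }}.Identity
 
 [credential]
 driver = keystone.credential.backends.sql.Credential
@@ -49,6 +49,7 @@
 driver = keystone.contrib.ec2.backends.sql.Ec2
 
 [assignment]
+driver = keystone.assignment.backends.{{ assignment_backend }}.Assignment
 
 [oauth1]
 
@@ -65,3 +66,35 @@
 
 [extra_headers]
 Distribution = Ubuntu
+
+[ldap]
+{% if identity_backend == 'ldap' -%}
+url = {{ ldap_server }}
+user = {{ ldap_user }}
+password = {{ ldap_password }}
+suffix = {{ ldap_suffix }}
+
+{% if ldap_config_flags -%}
+{% for key, value in ldap_config_flags.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if ldap_readonly -%}
+user_allow_create = False
+user_allow_update = False
+user_allow_delete = False
+
+tenant_allow_create = False
+tenant_allow_update = False
+tenant_allow_delete = False
+
+role_allow_create = False
+role_allow_update = False
+role_allow_delete = False
+
+group_allow_create = False
+group_allow_update = False
+group_allow_delete = False
+{% endif -%}
+{% endif -%}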
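Review bot: Nothing in the new `[ldap]` section configures transport security, so when `ldap-server` is an `ldap://` URL the bind password and the user passwords Keystone verifies against the directory are sent unencrypted. Keystone's LDAP driver has `use_tls`, `tls_cacertfile` and `tls_req_cert`; either expose them as charm options or add a template comment such as `# use an ldaps:// URL, or set use_tls/tls_cacertfile via ldap-config-flags`. The loop over `ldap_config_flags` also emits its keys ahead of the read-only block, so a flag named `user_allow_create` would appear twice in the section and the effective value would depend on how duplicates are parsed; skipping the `*_allow_*` keys when `ldap_readonly` is true would avoid that. The rendered file now carries the bind password, so its mode and ownership (not visible here) matter.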
