Add support for ldap-config-flags

2017-01-27 15:07:32 +00:00 · 2017-01-27 15:07:32 +00:00 · 541049a35f
parent 0aa41deb58
commit 541049a35f
3 changed files with 29 additions and 11 deletions
--- a/src/README.md
+++ b/src/README.md
@ -21,7 +21,7 @@ LDAP configuration is provided to this charm via configuration options:
                ldap-password="password" \
                ldap-suffix="dc=test,dc=com"

-by default, the name of the application ('keystone-ldap') is the name of
+By default, the name of the application ('keystone-ldap') is the name of
 the domain for which a domain specific configuration will be configured;
 you can change this using the domain-name option:

@ -30,6 +30,15 @@ you can change this using the domain-name option:
 The keystone charm will automatically create a domain to support the backend
 once deployed.

+Additional LDAP configuration options can be passed as a comma delimited
+string using the ldap-config-flags configuration option:
+
+    juju config keystone-ldap \
+        ldap-config-flags="user_id_attribute=cn,user_name_attribute=cn"
+
+This allows the LDAP configuration of the backend to be tailored to an
+individual LDAP configuration.
+
 # Bugs

 Please report bugs on [Launchpad](https://bugs.launchpad.net/charm-keystone-ldap/+filebug).
--- a/src/lib/charm/openstack/keystone_ldap.py
+++ b/src/lib/charm/openstack/keystone_ldap.py
@ -18,14 +18,24 @@ import charmhelpers.core.host as ch_host
 import charmhelpers.core.hookenv as hookenv

 import charmhelpers.contrib.openstack.templating as os_templating
+import charmhelpers.contrib.openstack.utils as os_utils

 import charms_openstack.charm
+import charms_openstack.adapters


 DOMAIN_CONF = "/etc/keystone/domains/keystone.{}.conf"
 KEYSTONE_CONF_TEMPLATE = "keystone.conf"


+class KeystoneLDAPConfigurationAdapter(charms_openstack.adapters.ConfigurationAdapter):
+    '''Charm specific configuration adapter to deal with ldap config flag parsing'''
+
+    @property
+    def ldap_options(self):
+        return os_utils.config_flags_parser(hookenv.config('ldap-config-flags'))
+
+
 class KeystoneLDAPCharm(charms_openstack.charm.OpenStackCharm):

    # Internal name of charm
@ -40,6 +50,8 @@ class KeystoneLDAPCharm(charms_openstack.charm.OpenStackCharm):
    # List of packages to install for this charm
    packages = ['python-ldap', 'python-ldappool']

+    configuration_class = KeystoneLDAPConfigurationAdapter
+
    @property
    def domain_name(self):
        """Domain name for the running application
--- a/src/templates/keystone.conf
+++ b/src/templates/keystone.conf
@ -4,16 +4,6 @@ user = {{ options.ldap_user }}
 password = {{ options.ldap_password }}
 suffix = {{ options.ldap_suffix }}

-user_id_attribute = cn
-user_name_attribute = sn
-
-user_filter =
-group_filter =
-
-debug_level = 4095
-
-# TODO insert generat options via config
-
 user_allow_create = {{ not options.ldap_readonly }}
 user_allow_update = {{ not options.ldap_readonly }}
 user_allow_delete = {{ not options.ldap_readonly }}
@ -22,6 +12,13 @@ group_allow_create = {{ not options.ldap_readonly }}
 group_allow_update = {{ not options.ldap_readonly }}
 group_allow_delete = {{ not options.ldap_readonly }}

+# User supplied configuration flags
+{% if options.ldap_options -%}
+{% for key, value in options.ldap_options.items() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
 [identity]
 driver = ldap