authorMykyta Karpin <mkarpin@mirantis.com>2017-01-26 19:27:27 +0200
committerMykyta Karpin <mkarpin@mirantis.com>2017-02-13 11:02:49 +0200
commit7cf2e0f36ee174796f15d6e0cbcbfdaef55d4fe3 (patch)
treee2a6306d6ba0d074a7356a410209ad3294e9f493
parent8fb5b0c3693b506ecbd19d40fa7035720fe22554 (diff)
Rewrite additional domains generation
This patch makes use of the Puppet native function create_resources() to generate Keystone domain resources from the hash provided by the parse_it() function. This approach required modifying parse_it() so that it can parse a list of additional-domain strings and generate a hash of the form: domain1_name => { property1 => value1, property2 => value2, ..... propertyx => valuex }, domain2_name => { property1 => value1, property2 => value2, ..... propertyx => valuex }, ..... and so on. This form of hash is suitable to be taken by the create_resources() function. The Puppet define plugin_ldap::multiple_domain was also modified to comply with the create_resources() function. Change-Id: I14321af5efa18f1381a51668ed1c5c50c06a0002 Closes-Bug: #1658655
Notes
Notes (review): Code-Review+1: Denis Egorenko <degorenko@mirantis.com> Code-Review+2: Ivan Berezovskiy <iberezovskiy@mirantis.com> Workflow+1: Ivan Berezovskiy <iberezovskiy@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 13 Feb 2017 16:12:04 +0000 Reviewed-on: https://review.openstack.org/425801 Project: openstack/fuel-plugin-ldap Branch: refs/heads/master
-rw-r--r--deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb33
-rw-r--r--deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp6
-rw-r--r--deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp115
3 files changed, 93 insertions, 61 deletions
diff --git a/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb b/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb
index 6df81da..46cb326 100644
--- a/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb
+++ b/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb
@@ -1,25 +1,32 @@
1module Puppet::Parser::Functions 1module Puppet::Parser::Functions
2 newfunction(:parse_it, :type => :rvalue, :doc => <<-EOS 2 newfunction(:parse_it, :type => :rvalue, :doc => <<-EOS
3This function parses text area, create hash and returns values 3This function parses text area, creates hash and returns it
4for keystone domain creation 4for keystone domains creation
5EOS 5EOS
6 ) do |args| 6 ) do |args|
7 7
8 param_hash = {} 8 domains_hash = {}
9 cert_chain = args[0].slice!(/^(ca_chain=-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$/)
10 9
11 if cert_chain 10 args[0].each do |item|
12 splited_cert_chain = cert_chain.split('=',2) 11 param_hash = {}
13 param_hash[splited_cert_chain[0]] = splited_cert_chain[1] 12 cert_chain = item.slice!(/^(ca_chain=-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$/)
14 end 13
14 if cert_chain
15 splited_cert_chain = cert_chain.split('=',2)
16 param_hash[splited_cert_chain[0]] = splited_cert_chain[1]
17 end
15 18
16 splited_text = args[0].split("\n") 19 splited_text = item.split("\n")
17 splited_text.each do |item| 20 splited_text.each do |param|
18 splited_line = item.split('=',2) 21 splited_line = param.split('=',2)
19 param_hash[splited_line[0]] = splited_line[1] 22 if splited_line[0] and splited_line[0] != :undef
23 param_hash[splited_line[0]] = splited_line[1]
24 end
25 end
26 domains_hash[param_hash['domain']] = param_hash
20 end 27 end
21 28
22 return param_hash 29 return domains_hash
23 end 30 end
24end 31end
25 32
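Review bot: `domains_hash[param_hash['domain']] = param_hash` (new line 26) files a block under a `nil` key when it contains no `domain=` line, and a second block naming the same domain silently replaces the first. controller.pp splits the text area on empty lines, so a stray blank block appears able to reach this path, and `create_resources()` would then receive an entry with no usable title. I would reject such input at parse time, e.g. `raise Puppet::ParseError, 'parse_it: domain block without a domain= line' if param_hash['domain'].to_s.empty?`, and raise likewise when `domains_hash.key?(param_hash['domain'])`. Separately, `splited_line[0] != :undef` at new line 22 compares a String from `split` with a Symbol, so it looks always true and only the nil check before it has an effect.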
diff --git a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp
index 9905fd7..91ccb24 100644
--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp
@@ -89,12 +89,14 @@ class plugin_ldap::controller {
89 #Create domains using info from text area 'List of additional Domains' 89 #Create domains using info from text area 'List of additional Domains'
90 if $additional_domains { 90 if $additional_domains {
91 $domains_list = split($additional_domains, '^$') 91 $domains_list = split($additional_domains, '^$')
92 plugin_ldap::multiple_domain { $domains_list: 92 $domains_hash = parse_it($domains_list)
93 $domain_defaults = {
93 identity_driver => $identity_driver, 94 identity_driver => $identity_driver,
94 ldap_proxy => $ldap_proxy, 95 ldap_proxy_default => $ldap_proxy,
95 management_vip => $management_vip, 96 management_vip => $management_vip,
96 slapd_config_template => $proxy_data[1], 97 slapd_config_template => $proxy_data[1],
97 } 98 }
99 create_resources(plugin_ldap::multiple_domain, $domains_hash, $domain_defaults)
98 } 100 }
99 101
100 file { '/etc/keystone/domains': 102 file { '/etc/keystone/domains':
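Review bot: In `create_resources(plugin_ldap::multiple_domain, $domains_hash, $domain_defaults)` the per-domain hash takes precedence over `$domain_defaults`, so every key parsed from the 'List of additional Domains' text area now becomes a parameter of the define. Values for `identity_driver`, `management_vip`, `slapd_config_template` or `slapd_conf` supplied in the text area would therefore override what this class computes, and an unrecognised key fails catalog compilation with an invalid-parameter error. If those parameters are meant to stay under the manifest's control, parse_it() should keep only an allowlist of per-domain keys (or drop the reserved names) before the hash reaches this call. The enclosing class body continues outside the hunk.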
diff --git a/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp b/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp
index 0c68154..5c96a1d 100644
--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp
@@ -1,26 +1,49 @@
1define plugin_ldap::multiple_domain ( 1define plugin_ldap::multiple_domain (
2 $domain_info = $title, 2 $domain = $title,
3 $identity_driver = undef, 3 $identity_driver = undef,
4 $ldap_proxy = undef, 4 $url = undef,
5 $management_vip = undef, 5 $use_tls = undef,
6 $slapd_config_template = undef, 6 $ca_chain = undef,
7 $slapd_conf = '/etc/ldap/slapd.conf', 7 $suffix = undef,
8 $user = undef,
9 $password = undef,
10 $query_scope = undef,
11 $user_tree_dn = undef,
12 $user_filter = undef,
13 $user_objectclass = undef,
14 $user_id_attribute = undef,
15 $user_name_attribute = undef,
16 $user_pass_attribute = undef,
17 $user_enabled_attribute = undef,
18 $user_enabled_default = undef,
19 $user_enabled_mask = undef,
20 $user_allow_create = undef,
21 $user_allow_update = undef,
22 $user_allow_delete = undef,
23 $group_tree_dn = undef,
24 $group_filter = undef,
25 $group_objectclass = undef,
26 $group_id_attribute = undef,
27 $group_name_attribute = undef,
28 $group_member_attribute = undef,
29 $group_desc_attribute = undef,
30 $group_allow_create = undef,
31 $group_allow_update = undef,
32 $group_allow_delete = undef,
33 $page_size = undef,
34 $chase_referrals = undef,
35 $ldap_proxy = undef,
36 $ldap_proxy_default = undef,
37 $management_vip = undef,
38 $slapd_config_template = undef,
39 $slapd_conf = '/etc/ldap/slapd.conf',
8){ 40){
9 41
10 $domain_params_hash = parse_it($domain_info) 42 # ldap_url variable is used in slapd.conf templates
43 $ldap_url = $url
11 44
12 $domain = $domain_params_hash['domain'] 45 if $ldap_proxy_default and $ldap_proxy =~ /^[Tt]rue$/ {
13 $suffix = $domain_params_hash['suffix'] 46 $url_real = "ldap://${management_vip}"
14 $user_tree_dn = $domain_params_hash['user_tree_dn']
15 $user = $domain_params_hash['user']
16 $password = $domain_params_hash['password']
17 $ldap_url = $domain_params_hash['url']
18 $use_tls = $domain_params_hash['use_tls']
19 $ldap_proxy_multidomain = $domain_params_hash['ldap_proxy']
20 $ca_chain = $domain_params_hash['ca_chain']
21
22 if $ldap_proxy and $ldap_proxy_multidomain =~ /^[Tt]rue$/ {
23 $url = "ldap://${management_vip}"
24 47
25 if $domain in $slapd_config_template { 48 if $domain in $slapd_config_template {
26 if $use_tls =~ /^[Ff]alse$/ { 49 if $use_tls =~ /^[Ff]alse$/ {
@@ -48,44 +71,44 @@ define plugin_ldap::multiple_domain (
48 } 71 }
49 $tls = false 72 $tls = false
50 } else { 73 } else {
51 $url = $domain_params_hash['url'] 74 $url_real = $url
52 $tls = $use_tls ? { /^[Tt]rue$/ => true, default => false } 75 $tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }
53 } 76 }
54 77
55 plugin_ldap::keystone { "$domain_params_hash['domain']" : 78 plugin_ldap::keystone { $domain :
56 domain => $domain, 79 domain => $domain,
57 identity_driver => $identity_driver, 80 identity_driver => $identity_driver,
58 url => $url, 81 url => $url_real,
59 use_tls => $tls, 82 use_tls => $tls,
60 ca_chain => $ca_chain, 83 ca_chain => $ca_chain,
61 suffix => $suffix, 84 suffix => $suffix,
62 user => $user, 85 user => $user,
63 password => $password, 86 password => $password,
64 query_scope => $domain_params_hash['query_scope'], 87 query_scope => $query_scope,
65 user_tree_dn => $user_tree_dn, 88 user_tree_dn => $user_tree_dn,
66 user_filter => $domain_params_hash['user_filter'], 89 user_filter => $user_filter,
67 user_objectclass => $domain_params_hash['user_objectclass'], 90 user_objectclass => $user_objectclass,
68 user_id_attribute => $domain_params_hash['user_id_attribute'], 91 user_id_attribute => $user_id_attribute,
69 user_name_attribute => $domain_params_hash['user_name_attribute'], 92 user_name_attribute => $user_name_attribute,
70 user_pass_attribute => $domain_params_hash['user_pass_attribute'], 93 user_pass_attribute => $user_pass_attribute,
71 user_enabled_attribute => $domain_params_hash['user_enabled_attribute'], 94 user_enabled_attribute => $user_enabled_attribute,
72 user_enabled_default => $domain_params_hash['user_enabled_default'], 95 user_enabled_default => $user_enabled_default,
73 user_enabled_mask => $domain_params_hash['user_enabled_mask'], 96 user_enabled_mask => $user_enabled_mask,
74 user_allow_create => $domain_params_hash['user_allow_create'], 97 user_allow_create => $user_allow_create,
75 user_allow_update => $domain_params_hash['user_allow_update'], 98 user_allow_update => $user_allow_update,
76 user_allow_delete => $domain_params_hash['user_allow_delete'], 99 user_allow_delete => $user_allow_delete,
77 group_tree_dn => $domain_params_hash['group_tree_dn'], 100 group_tree_dn => $group_tree_dn,
78 group_filter => $domain_params_hash['group_filter'], 101 group_filter => $group_filter,
79 group_objectclass => $domain_params_hash['group_objectclass'], 102 group_objectclass => $group_objectclass,
80 group_id_attribute => $domain_params_hash['group_id_attribute'], 103 group_id_attribute => $group_id_attribute,
81 group_name_attribute => $domain_params_hash['group_name_attribute'], 104 group_name_attribute => $group_name_attribute,
82 group_member_attribute => $domain_params_hash['group_member_attribute'], 105 group_member_attribute => $group_member_attribute,
83 group_desc_attribute => $domain_params_hash['group_desc_attribute'], 106 group_desc_attribute => $group_desc_attribute,
84 group_allow_create => $domain_params_hash['group_allow_create'], 107 group_allow_create => $group_allow_create,
85 group_allow_update => $domain_params_hash['group_allow_update'], 108 group_allow_update => $group_allow_update,
86 group_allow_delete => $domain_params_hash['group_allow_delete'], 109 group_allow_delete => $group_allow_delete,
87 page_size => $domain_params_hash['page_size'], 110 page_size => $page_size,
88 chase_referrals => $domain_params_hash['chase_referrals'], 111 chase_referrals => $chase_referrals,
89 } 112 }
90 113
91} 114}
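Review bot: `use_tls` is now a public string parameter, but the unchanged selector in the second hunk, `$tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }`, maps every unrecognised value to `false`, so a typo or trailing whitespace disables TLS for that domain's LDAP connection without any error. parse_it() splits only on `\n`, so if the text area delivers CRLF line endings the value would presumably arrive as `true\r` and fall into the default branch; that is worth confirming. I would fail closed instead: match `/^[Ff]alse$/` explicitly and call `fail("use_tls must be true or false for domain ${domain}")` for any other value that is set. The same strictness question applies to `$ldap_proxy =~ /^[Tt]rue$/` at new line 45. New lines 50–70 of the define fall between the two hunks and are not shown.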