Rewrite additional domains generation

This patch uses Puppet's native create_resources()
function to generate Keystone domain resources
from the hash returned by the parse_it() function.

This approach required modifying parse_it() so that
it can parse a list of additional-domain strings
and generate a hash of the form:

domain1_name => { property1 => value1,
                  property2 => value2,
                  .....
                  propertyx => valuex },
domain2_name => { property1 => value1,
                  property2 => value2,
                  .....
                  propertyx => valuex },
.....and so on

This form of hash is suitable to be taken by create_resources()
function. Puppet define plugin_ldap::multiple_domain
was also modified to comply with create_resources()
function.

Change-Id: I14321af5efa18f1381a51668ed1c5c50c06a0002
Closes-Bug: #1658655
Mykyta Karpin 2017-01-26 19:27:27 +02:00
parent 8fb5b0c369
commit 7cf2e0f36e
3 changed files with 94 additions and 62 deletions


@ -1,25 +1,32 @@
module Puppet::Parser::Functions
newfunction(:parse_it, :type => :rvalue, :doc => <<-EOS
This function parses text area, create hash and returns values
for keystone domain creation
This function parses text area, creates hash and returns it
for keystone domains creation
EOS
) do |args|
param_hash = {}
cert_chain = args[0].slice!(/^(ca_chain=-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$/)
domains_hash = {}
if cert_chain
splited_cert_chain = cert_chain.split('=',2)
param_hash[splited_cert_chain[0]] = splited_cert_chain[1]
args[0].each do |item|
param_hash = {}
cert_chain = item.slice!(/^(ca_chain=-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$/)
if cert_chain
splited_cert_chain = cert_chain.split('=',2)
param_hash[splited_cert_chain[0]] = splited_cert_chain[1]
end
splited_text = item.split("\n")
splited_text.each do |param|
splited_line = param.split('=',2)
if splited_line[0] and splited_line[0] != :undef
param_hash[splited_line[0]] = splited_line[1]
end
end
domains_hash[param_hash['domain']] = param_hash
end
splited_text = args[0].split("\n")
splited_text.each do |item|
splited_line = item.split('=',2)
param_hash[splited_line[0]] = splited_line[1]
end
return param_hash
return domains_hash
end
end
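Review bot: `domains_hash[param_hash['domain']] = param_hash` is stored without checking that the block carried a `domain=` line or that the name is new, so a block without one lands under a nil key and two blocks naming the same domain silently collapse into one before create_resources() sees them. A guard just before that assignment would make the failure explicit: `raise Puppet::ParseError, 'parse_it: domain block without domain= line' if param_hash['domain'].to_s.empty?`, plus a similar raise when `domains_hash.key?(param_hash['domain'])`. The test `splited_line[0] != :undef` compares a String with a Symbol and so is always true; if the intent is to skip blank lines, `splited_line[0].to_s.strip.empty?` says that directly. `item.slice!` also modifies the caller's strings in place, which `item = item.dup` at the top of the loop would avoid. Which lines are old and which are new is inferred from the paired listing, since the page has lost its +/- markers.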


@ -89,12 +89,14 @@ class plugin_ldap::controller {
#Create domains using info from text area 'List of additional Domains'
if $additional_domains {
$domains_list = split($additional_domains, '^$')
plugin_ldap::multiple_domain { $domains_list:
$domains_hash = parse_it($domains_list)
$domain_defaults = {
identity_driver => $identity_driver,
ldap_proxy => $ldap_proxy,
ldap_proxy_default => $ldap_proxy,
management_vip => $management_vip,
slapd_config_template => $proxy_data[1],
}
create_resources(plugin_ldap::multiple_domain, $domains_hash, $domain_defaults)
}
file { '/etc/keystone/domains':
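Review bot: Passing `$domain_defaults` as the third argument of create_resources() makes `identity_driver`, `management_vip` and `slapd_config_template` defaults only, so a line with one of those names in the 'List of additional Domains' text (or `slapd_conf=`, which the define also accepts) takes precedence over the manifest's value. As far as the paired old lines show, those values were previously set explicitly on the resource and the text area could not reach them. If that widening is not intended, parse_it() could keep only an allowlist of per-domain keys, or the controller could reject hashes that carry the reserved names; at minimum add a comment such as `# NOTE: keys parsed from the text area override these defaults`. The enclosing class body continues outside the hunk.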


@ -1,26 +1,49 @@
define plugin_ldap::multiple_domain (
$domain_info = $title,
$identity_driver = undef,
$ldap_proxy = undef,
$management_vip = undef,
$slapd_config_template = undef,
$slapd_conf = '/etc/ldap/slapd.conf',
$domain = $title,
$identity_driver = undef,
$url = undef,
$use_tls = undef,
$ca_chain = undef,
$suffix = undef,
$user = undef,
$password = undef,
$query_scope = undef,
$user_tree_dn = undef,
$user_filter = undef,
$user_objectclass = undef,
$user_id_attribute = undef,
$user_name_attribute = undef,
$user_pass_attribute = undef,
$user_enabled_attribute = undef,
$user_enabled_default = undef,
$user_enabled_mask = undef,
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
$group_tree_dn = undef,
$group_filter = undef,
$group_objectclass = undef,
$group_id_attribute = undef,
$group_name_attribute = undef,
$group_member_attribute = undef,
$group_desc_attribute = undef,
$group_allow_create = undef,
$group_allow_update = undef,
$group_allow_delete = undef,
$page_size = undef,
$chase_referrals = undef,
$ldap_proxy = undef,
$ldap_proxy_default = undef,
$management_vip = undef,
$slapd_config_template = undef,
$slapd_conf = '/etc/ldap/slapd.conf',
){
$domain_params_hash = parse_it($domain_info)
# ldap_url variable is used in slapd.conf templates
$ldap_url = $url
$domain = $domain_params_hash['domain']
$suffix = $domain_params_hash['suffix']
$user_tree_dn = $domain_params_hash['user_tree_dn']
$user = $domain_params_hash['user']
$password = $domain_params_hash['password']
$ldap_url = $domain_params_hash['url']
$use_tls = $domain_params_hash['use_tls']
$ldap_proxy_multidomain = $domain_params_hash['ldap_proxy']
$ca_chain = $domain_params_hash['ca_chain']
if $ldap_proxy and $ldap_proxy_multidomain =~ /^[Tt]rue$/ {
$url = "ldap://${management_vip}"
if $ldap_proxy_default and $ldap_proxy =~ /^[Tt]rue$/ {
$url_real = "ldap://${management_vip}"
if $domain in $slapd_config_template {
if $use_tls =~ /^[Ff]alse$/ {
@ -48,44 +71,44 @@ define plugin_ldap::multiple_domain (
}
$tls = false
} else {
$url = $domain_params_hash['url']
$url_real = $url
$tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }
}
plugin_ldap::keystone { "$domain_params_hash['domain']" :
plugin_ldap::keystone { $domain :
domain => $domain,
identity_driver => $identity_driver,
url => $url,
url => $url_real,
use_tls => $tls,
ca_chain => $ca_chain,
suffix => $suffix,
user => $user,
password => $password,
query_scope => $domain_params_hash['query_scope'],
query_scope => $query_scope,
user_tree_dn => $user_tree_dn,
user_filter => $domain_params_hash['user_filter'],
user_objectclass => $domain_params_hash['user_objectclass'],
user_id_attribute => $domain_params_hash['user_id_attribute'],
user_name_attribute => $domain_params_hash['user_name_attribute'],
user_pass_attribute => $domain_params_hash['user_pass_attribute'],
user_enabled_attribute => $domain_params_hash['user_enabled_attribute'],
user_enabled_default => $domain_params_hash['user_enabled_default'],
user_enabled_mask => $domain_params_hash['user_enabled_mask'],
user_allow_create => $domain_params_hash['user_allow_create'],
user_allow_update => $domain_params_hash['user_allow_update'],
user_allow_delete => $domain_params_hash['user_allow_delete'],
group_tree_dn => $domain_params_hash['group_tree_dn'],
group_filter => $domain_params_hash['group_filter'],
group_objectclass => $domain_params_hash['group_objectclass'],
group_id_attribute => $domain_params_hash['group_id_attribute'],
group_name_attribute => $domain_params_hash['group_name_attribute'],
group_member_attribute => $domain_params_hash['group_member_attribute'],
group_desc_attribute => $domain_params_hash['group_desc_attribute'],
group_allow_create => $domain_params_hash['group_allow_create'],
group_allow_update => $domain_params_hash['group_allow_update'],
group_allow_delete => $domain_params_hash['group_allow_delete'],
page_size => $domain_params_hash['page_size'],
chase_referrals => $domain_params_hash['chase_referrals'],
user_filter => $user_filter,
user_objectclass => $user_objectclass,
user_id_attribute => $user_id_attribute,
user_name_attribute => $user_name_attribute,
user_pass_attribute => $user_pass_attribute,
user_enabled_attribute => $user_enabled_attribute,
user_enabled_default => $user_enabled_default,
user_enabled_mask => $user_enabled_mask,
user_allow_create => $user_allow_create,
user_allow_update => $user_allow_update,
user_allow_delete => $user_allow_delete,
group_tree_dn => $group_tree_dn,
group_filter => $group_filter,
group_objectclass => $group_objectclass,
group_id_attribute => $group_id_attribute,
group_name_attribute => $group_name_attribute,
group_member_attribute => $group_member_attribute,
group_desc_attribute => $group_desc_attribute,
group_allow_create => $group_allow_create,
group_allow_update => $group_allow_update,
group_allow_delete => $group_allow_delete,
page_size => $page_size,
chase_referrals => $chase_referrals,
}
}
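Review bot: In `if $ldap_proxy_default and $ldap_proxy =~ /^[Tt]rue$/` the `$ldap_proxy` parameter is now either the per-domain value from the parsed text or, when a block omits `ldap_proxy=`, whatever default the caller supplies. The old condition appears to have read `$domain_params_hash['ldap_proxy']`, which stayed undef for such a block. With a caller that defaults `ldap_proxy` to the global flag, a domain that never asked for the proxy would now be routed to `ldap://${management_vip}`, in the branch that sets `$tls = false`. If per-domain opt-in is still the intent, leave `ldap_proxy` out of the caller's defaults. Either way, a header comment on the define stating which parameters come from the text area and which from the controller would help, since nearly forty undocumented parameters were added. The define's body between the two hunks is not shown here.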