Config attributes for OPENSTACK_KEYSTONE_BACKEND

Bumped version to 9.0.2 and added some more options to README.md

Closes-Bug: 1320274
Change-Id: I985ed5fc662cef82372bccb3cc7485e150cb9eb0

CHANGELOG.md

@@ -2,6 +2,9 @@ openstack-dashboard Cookbook CHANGELOG
 ==============================
 This file is used to list changes made in each version of the openstack-dashboard cookbook.
 
+## 9.0.2
+* Add support for configuring OPENSTACK_KEYSTONE_BACKEND
+
 ## 9.0.1
 ### Bug
 * Fix openstack_keystone_default_role default

README.md

@@ -35,27 +35,42 @@ Sets up the Horizon dashboard within an Apache `mod_wsgi` container.
 Attributes
 ==========
 
-* `openstack["dashboard"]["db"]["username"]` - username for horizon database access
-* `openstack["dashboard"]["server_hostname"]` - sets the ServerName in the Apache config.
-* `openstack["dashboard"]["use_ssl"]` - toggle for using ssl with dashboard (default true)
-* `openstack["dashboard"]["ssl"]["dir"]` - directory where ssl certs are stored on this system
-* `openstack["dashboard"]["dash_path"]` - base path for dashboard files (document root)
-* `openstack["dashboard"]["wsgi_path"]` - path for wsgi dir
-* `openstack["dashboard"]["wsgi_socket_prefix"]` - Location that will override the standard Apache runtime directory
-* `openstack["dashboard"]["ssl_offload"]` - Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') flag for offloading SSL
-* `openstack["dashboard"]["plugins"]` - Array of plugins to include via INSTALED\_APPS
-* `openstack["dashboard"]["simple_ip_management"]` - Boolean to enable or disable simplified floating IP address management
+* `openstack['dashboard']['db']['username']` - Username for horizon database access
+* `openstack['dashboard']['server_hostname']` - Sets the ServerName in the Apache config
+* `openstack['dashboard']['allowed_hosts']` - List of host/domain names we can service (default: '\[\*\]')
+* `openstack['dashboard']['dash_path']` - Base path for dashboard files (document root)
+* `openstack['dashboard']['wsgi_path']` - Path for wsgi dir
+* `openstack['dashboard']['wsgi_socket_prefix']` - Location that will override the standard Apache runtime directory
+* `openstack['dashboard']['ssl_offload']` - Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') flag for offloading SSL
+* `openstack['dashboard']['plugins']` - Array of plugins to include via INSTALED\_APPS
+* `openstack['dashboard']['simple_ip_management']` - Boolean to enable or disable simplified floating IP address management
 TODO: Add DB2 support on other platforms
-* `openstack["dashboard"]["platform"]["db2_python_packages"]` - Array of DB2 python packages, only available on redhat platform
-* `openstack['openstack']['dashboard']['http_port']` - Port that httpd should listen on. Default is 80.
-* `openstack['openstack']['dashboard']['https_port']` - Port that httpd should listen on for using ssl. Default is 443.
+* `openstack['dashboard']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform
+* `openstack['dashboard']['http_port']` - Port that httpd should listen on (default: 80)
+* `openstack['dashboard']['https_port']` - Port that httpd should listen on for using ssl (default: 443)
+* `openstack['dashboard']['password_autocomplete']` - Toggle browser autocompletion for login form ('on' or 'off', default: 'on')
+
+Identity
+--------
+* `openstack['dashboard']['identity_api_version']` - Force a specific Identity API version ('2.0' or '3', default: '2.0')
+* `openstack['dashboard']['keystone_multidomain_support']` - Boolean to enable multi-Domain support
+* `openstack['dashboard']['keystone_default_domain']` - Default Domain if using API v3 and on a single-domain model (default: 'Default')
+* `openstack['dashboard']['keystone_default_role']` - Default Keystone role assigned to project members (default: '_member_')
+* `openstack['dashboard']['keystone_backend']['name']` - Keystone backend in use ('native' or 'ldap', default: 'native')
+* `openstack['dashboard']['keystone_backend']['can_edit_user']` - Boolean to allow some user-related identity operations (default: true)
+* `openstack['dashboard']['keystone_backend']['can_edit_group']` - Boolean to allow some group-related identity operations (default: true)
+* `openstack['dashboard']['keystone_backend']['can_edit_project']` - Boolean to allow some project-related identity operations (default: true)
+* `openstack['dashboard']['keystone_backend']['can_edit_domain']` - Boolean to allow some domain-related identity operations (default: true)
+* `openstack['dashboard']['keystone_backend']['can_edit_role']` - Boolean to allow some role-related identity operations (default: true)
 
 Certificate
 -----------
-* `openstack["dashboard"]["ssl"]["cert"]` - name to use when creating the ssl certificate
-* `openstack["dashboard"]["ssl"]["cert_url"]` - if using an existing certificate, this is the URL to its location
-* `openstack["dashboard"]["ssl"]["key"]` - name to use when creating the ssl key
-* `openstack["dashboard"]["ssl"]["key_url"]` - if using an existing certificate key, this is the URL to its location
+* `openstack['dashboard']['use_ssl']` - Toggle for using ssl with dashboard (default: true)
+* `openstack['dashboard']['ssl']['dir']` - Directory where ssl certs are stored on this system (default: platform dependent)
+* `openstack['dashboard']['ssl']['cert']` - Name to use when creating the ssl certificate
+* `openstack['dashboard']['ssl']['cert_url']` - If using an existing certificate, this is the URL to its location
+* `openstack['dashboard']['ssl']['key']` - Name to use when creating the ssl key
+* `openstack['dashboard']['ssl']['key_url']` - If using an existing certificate key, this is the URL to its location
 
 By default the openstack-dashboard cookbook ships with a self-signed certificate from a fake organization.
 It is possible to use a real production certificate from your organization by putting that certificate

attributes/default.rb

@@ -145,6 +145,13 @@ default['openstack']['dashboard']['identity_api_version'] = 2.0
 default['openstack']['dashboard']['keystone_default_domain'] = 'Default'
 default['openstack']['dashboard']['console_type'] = 'AUTO'
 
+default['openstack']['dashboard']['keystone_backend']['name'] = 'native'
+default['openstack']['dashboard']['keystone_backend']['can_edit_user'] = true
+default['openstack']['dashboard']['keystone_backend']['can_edit_group'] = true
+default['openstack']['dashboard']['keystone_backend']['can_edit_project'] = true
+default['openstack']['dashboard']['keystone_backend']['can_edit_domain'] = true
+default['openstack']['dashboard']['keystone_backend']['can_edit_role'] = true
+
 default['openstack']['dashboard']['log_level']['horizon'] = 'INFO'
 default['openstack']['dashboard']['log_level']['openstack_dashboard'] = 'INFO'
 default['openstack']['dashboard']['log_level']['novaclient'] = 'INFO'

metadata.rb

@@ -4,7 +4,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
 license          'Apache 2.0'
 description      'Installs/Configures the OpenStack Dasboard (Horizon)'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '9.0.1'
+version          '9.0.2'
 
 recipe           'openstack-dashboard::server', 'Sets up the Horizon dashboard within an Apache `mod_wsgi` container.'
 

spec/server_spec.rb

@@ -290,6 +290,27 @@ describe 'openstack-dashboard::server' do
           expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_KEYSTONE_DEFAULT_ROLE = "keystone_default_role_value"$/)
         end
 
+        context 'keystone_backend settings' do
+          %w(native ldap).each do |keystone_backend_name|
+            it "sets the backend name to #{keystone_backend_name}" do
+              node.set['openstack']['dashboard']['keystone_backend']['name'] = keystone_backend_name
+              expect(chef_run).to render_file(file.name).with_content(/^\s*'name': '#{keystone_backend_name}',$/)
+            end
+          end
+
+          %w(can_edit_user can_edit_group can_edit_project can_edit_domain can_edit_role).each do |keystone_setting|
+            it "enables the #{keystone_setting} keystone backend setting when the attribute is True" do
+              node.set['openstack']['dashboard']['keystone_backend'][keystone_setting] = true
+              expect(chef_run).to render_file(file.name).with_content(/^\s*\'#{keystone_setting}\': True,$/)
+            end
+
+            it "disables the #{keystone_setting} keystone backend setting when the attribute is False" do
+              node.set['openstack']['dashboard']['keystone_backend'][keystone_setting] = false
+              expect(chef_run).to render_file(file.name).with_content(/^\s*\'#{keystone_setting}\': False,$/)
+            end
+          end
+        end
+
         context 'neutron settings' do
           %w(enable_lb enable_quotas).each do |neutron_setting|
             it "enables the #{neutron_setting} setting when the attributes is True" do

templates/default/local_settings.py.erb

@@ -163,12 +163,12 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= node["openstack"]["dashboard"]["keystone_
 #
 # TODO(tres): Remove these once Keystone has an API to identify auth backend.
 OPENSTACK_KEYSTONE_BACKEND = {
-    'name': 'native',
-    'can_edit_user': True,
-    'can_edit_group': True,
-    'can_edit_project': True,
-    'can_edit_domain': True,
-    'can_edit_role': True
+    'name': '<%= node["openstack"]["dashboard"]["keystone_backend"]["name"] %>',
+    'can_edit_user': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_user"] ? "True" : "False" %>,
+    'can_edit_group': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_group"] ? "True" : "False" %>,
+    'can_edit_project': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_project"] ? "True" : "False" %>,
+    'can_edit_domain': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_domain"] ? "True" : "False" %>,
+    'can_edit_role': <%= node["openstack"]["dashboard"]["keystone_backend"]["can_edit_role"] ? "True" : "False" %>,
 }
 
 OPENSTACK_HYPERVISOR_FEATURES = {