Enable creating the domain for LDAP backends

this enables the creation of the actual keystone domain if the
configuration is created (via the ldap_backend resource). This is done
with the flag create_domain_entry which is false by default.

Change-Id: Ib6c633b6a975e4b760c10a2aef3c252885b05e28
(cherry picked from commit d7bc6907d3)

manifests/ldap_backend.pp

@@ -373,6 +373,11 @@
 #   LDAP support packages.
 #   Defaults to true.
 #
+# [*create_domain_entry*]
+#   (optional) Creates the domain in keystone via a keystone_domain resource
+#   and attempts to refresh the kesytone service.
+#   Defaults to false.
+#
 # === DEPRECATED group/name
 #
 # == Dependencies
@@ -461,6 +466,7 @@ define keystone::ldap_backend(
   $auth_pool_connection_lifetime       = 60,
   $package_ensure                      = present,
   $manage_packages                     = true,
+  $create_domain_entry                 = false,
 ) {
 
   include ::keystone::deps
@@ -582,4 +588,13 @@ and \"${domain_dir_enabled}\" for identity/domain_config_dir"
     "${domain}::credential/driver":                         value => $credential_driver;
     "${domain}::assignment/driver":                         value => $assignment_driver;
   }
+
+  if $create_domain_entry {
+    keystone_domain { $domain :
+      ensure  => 'present',
+      enabled => true,
+      tag     => 'domain-specific-ldap'
+    }
+    Keystone_domain[$domain] ~> Exec<| title == 'restart_keystone' |>
+  }
 }

releasenotes/notes/Create-domain-on-ldap_backend-resource-ac3cc85bc101883e.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - The flag 'create_domain_entry' was added to the 'keystone::ldap_backend'
+    resource. It defaults to false. But, if set to true, it will create the
+    domain in keystone and will attempt to refresh the keystone server. Note
+    that in order for the keystone server to be refreshed, the 'manage_service'
+    and 'enabled' flags need to be set in the base ::keystone module.

spec/defines/keystone_ldap_backend_spec.rb

@@ -5,6 +5,11 @@ describe 'keystone::ldap_backend' do
     let(:title) { 'Default' }
     let(:pre_condition) do
       <<-EOM
+      exec { 'restart_keystone':
+        path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'],
+        command     => "service ${service_name_real} restart",
+        refreshonly => true,
+      }
       keystone_config {'identity/domain_specific_drivers_enabled': value => true}
       keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
       file {'/etc/keystone/keystone.conf': ensure => present }
@@ -195,6 +200,20 @@ describe 'keystone::ldap_backend' do
         # drivers
         is_expected.to contain_keystone_domain_config('Default::identity/driver').with_value('ldap')
       end
+
+      context 'with keystone domain creation enabled' do
+        before do
+          params.merge! ({
+            :create_domain_entry => true
+          })
+        end
+        it 'creates the keystone domain and refreshes the service' do
+          is_expected.to contain_keystone_domain(title).with(
+            :ensure  => 'present',
+            :enabled => true
+          )
+        end
+      end
     end
   end