From 7cf2e0f36ee174796f15d6e0cbcbfdaef55d4fe3 Mon Sep 17 00:00:00 2001 From: Mykyta Karpin Date: Thu, 26 Jan 2017 19:27:27 +0200 Subject: [PATCH] Rewrite additional domains generation This patch makes use of Puppet native function create_resources() in order to generate Keystone domain resources from the hash provided by the parse_it() function. This approach required modification of the parse_it() function so it can parse a list of additional domain strings and generate a hash in the form of: domain1_name => { property1 => value1, property2 => value2, ..... propertyx => valuex }, domain2_name => { property1 => value1, property2 => value2, ..... propertyx => valuex }, .....and so on This form of hash is suitable to be taken by create_resources() function. Puppet define plugin_ldap::multiple_domain was also modified to comply with create_resources() function. Change-Id: I14321af5efa18f1381a51668ed1c5c50c06a0002 Closes-Bug: #1658655 --- .../lib/puppet/parser/functions/parse_it.rb | 35 +++--- .../plugin_ldap/manifests/controller.pp | 6 +- .../plugin_ldap/manifests/multiple_domain.pp | 115 +++++++++++------- 3 files changed, 94 insertions(+), 62 deletions(-) diff --git a/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb b/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb index 6df81da..46cb326 100644 --- a/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb +++ b/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/parse_it.rb
@@ -1,25 +1,32 @@ module Puppet::Parser::Functions newfunction(:parse_it, :type => :rvalue, :doc => <<-EOS -This function parses text area, create hash and returns values -for keystone domain creation +This function parses text area, creates hash and returns it +for keystone domains creation EOS ) do |args| - param_hash = {} - cert_chain = args[0].slice!(/^(ca_chain=-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$/) + domains_hash = {} - if cert_chain - splited_cert_chain = cert_chain.split('=',2) - param_hash[splited_cert_chain[0]] = splited_cert_chain[1] + args[0].each do |item| + param_hash = {} + cert_chain = item.slice!(/^(ca_chain=-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$/) + + if cert_chain + splited_cert_chain = cert_chain.split('=',2) + param_hash[splited_cert_chain[0]] = splited_cert_chain[1] + end + + splited_text = item.split("\n") + splited_text.each do |param| + splited_line = param.split('=',2) + if splited_line[0] and splited_line[0] != :undef + param_hash[splited_line[0]] = splited_line[1] + end + end + domains_hash[param_hash['domain']] = param_hash end - splited_text = args[0].split("\n") - splited_text.each do |item| - splited_line = item.split('=',2) - param_hash[splited_line[0]] = splited_line[1] - end - - return param_hash + return domains_hash end end diff --git a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp index 9905fd7..91ccb24 100644 --- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp +++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp 
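Review bot: `domains_hash[param_hash['domain']] = param_hash` uses whatever the text area supplied as the key, so an item with no `domain=` line is stored under `nil` and two items naming the same domain silently overwrite each other. The caller splits the text on `'^$'`, so a blank or whitespace-only fragment is a plausible input and would land in the `nil` case. I would reject both before the assignment, e.g. `raise Puppet::ParseError, 'parse_it: every domain block needs a domain= line' if param_hash['domain'].to_s.strip.empty?`, plus a similar raise when `domains_hash.key?(param_hash['domain'])`. Separately, `splited_line[0] != :undef` compares a String with a Symbol and is always true, and values keep a trailing `\r` if the text was saved with CRLF line endings, so `param.chomp.split('=', 2)` would be safer.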
@@ -89,12 +89,14 @@ class plugin_ldap::controller { #Create domains using info from text area 'List of additional Domains' if $additional_domains { $domains_list = split($additional_domains, '^$') - plugin_ldap::multiple_domain { $domains_list: + $domains_hash = parse_it($domains_list) + $domain_defaults = { identity_driver => $identity_driver, - ldap_proxy => $ldap_proxy, + ldap_proxy_default => $ldap_proxy, management_vip => $management_vip, slapd_config_template => $proxy_data[1], } + create_resources(plugin_ldap::multiple_domain, $domains_hash, $domain_defaults) } file { '/etc/keystone/domains': diff --git a/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp b/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp index 0c68154..5c96a1d 100644 --- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp +++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp 
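Review bot: The keys of `$domains_hash` come straight from the 'List of additional Domains' text area, and `create_resources()` lets a per-resource key take precedence over `$domain_defaults`. A line such as `slapd_conf=...`, `management_vip=...` or `identity_driver=...` in the text area therefore replaces the deployment-controlled value. An unrecognised or misspelled key will also most likely abort catalog compilation with an invalid-parameter error, where the old hash lookups simply ignored it. Consider filtering the parsed keys against an allow-list of the per-domain LDAP settings before calling `create_resources()`, and add a comment above `$domain_defaults` naming the keys that are not meant to be user-settable. The enclosing class body continues outside this hunk.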
@@ -1,26 +1,49 @@ define plugin_ldap::multiple_domain ( - $domain_info = $title, - $identity_driver = undef, - $ldap_proxy = undef, - $management_vip = undef, - $slapd_config_template = undef, - $slapd_conf = '/etc/ldap/slapd.conf', + $domain = $title, + $identity_driver = undef, + $url = undef, + $use_tls = undef, + $ca_chain = undef, + $suffix = undef, + $user = undef, + $password = undef, + $query_scope = undef, + $user_tree_dn = undef, + $user_filter = undef, + $user_objectclass = undef, + $user_id_attribute = undef, + $user_name_attribute = undef, + $user_pass_attribute = undef, + $user_enabled_attribute = undef, + $user_enabled_default = undef, + $user_enabled_mask = undef, + $user_allow_create = undef, + $user_allow_update = undef, + $user_allow_delete = undef, + $group_tree_dn = undef, + $group_filter = undef, + $group_objectclass = undef, + $group_id_attribute = undef, + $group_name_attribute = undef, + $group_member_attribute = undef, + $group_desc_attribute = undef, + $group_allow_create = undef, + $group_allow_update = undef, + $group_allow_delete = undef, + $page_size = undef, + $chase_referrals = undef, + $ldap_proxy = undef, + $ldap_proxy_default = undef, + $management_vip = undef, + $slapd_config_template = undef, + $slapd_conf = '/etc/ldap/slapd.conf', ){ - $domain_params_hash = parse_it($domain_info) + # ldap_url variable is used in slapd.conf templates + $ldap_url = $url - $domain = $domain_params_hash['domain'] - $suffix = $domain_params_hash['suffix'] - $user_tree_dn = $domain_params_hash['user_tree_dn'] - $user = $domain_params_hash['user'] - $password = $domain_params_hash['password'] - $ldap_url = $domain_params_hash['url'] - $use_tls = $domain_params_hash['use_tls'] - $ldap_proxy_multidomain = $domain_params_hash['ldap_proxy'] - $ca_chain = $domain_params_hash['ca_chain'] - - if $ldap_proxy and $ldap_proxy_multidomain =~ /^[Tt]rue$/ { - $url = "ldap://${management_vip}" + if $ldap_proxy_default and $ldap_proxy =~ /^[Tt]rue$/ { + $url_real = 
"ldap://${management_vip}" if $domain in $slapd_config_template { if $use_tls =~ /^[Ff]alse$/ { 
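Review bot: The parameter list has no header comment, and after this change `ldap_proxy` no longer means what it did: it was the global flag passed from the controller and is now the per-domain string from the text area, with the global flag arriving as `ldap_proxy_default`. A short doc block above the define should say so, and should separate the user-supplied per-domain parameters (`url`, `suffix`, `user`, `password`, ...) from those set only by `controller.pp` (`identity_driver`, `ldap_proxy_default`, `management_vip`, `slapd_config_template`, `slapd_conf`). `url`, `suffix`, `user` and `password` all default to `undef` with no check here, so a block missing one of them is caught late if at all; an early `if ! $url { fail("plugin_ldap: domain ${domain} has no url") }` would make the error obvious. The define body continues past the end of this hunk.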
@@ -48,44 +71,44 @@ define plugin_ldap::multiple_domain ( } $tls = false } else { - $url = $domain_params_hash['url'] + $url_real = $url $tls = $use_tls ? { /^[Tt]rue$/ => true, default => false } } - plugin_ldap::keystone { "$domain_params_hash['domain']" : + plugin_ldap::keystone { $domain : domain => $domain, identity_driver => $identity_driver, - url => $url, + url => $url_real, use_tls => $tls, ca_chain => $ca_chain, suffix => $suffix, user => $user, password => $password, - query_scope => $domain_params_hash['query_scope'], + query_scope => $query_scope, user_tree_dn => $user_tree_dn, - user_filter => $domain_params_hash['user_filter'], - user_objectclass => $domain_params_hash['user_objectclass'], - user_id_attribute => $domain_params_hash['user_id_attribute'], - user_name_attribute => $domain_params_hash['user_name_attribute'], - user_pass_attribute => $domain_params_hash['user_pass_attribute'], - user_enabled_attribute => $domain_params_hash['user_enabled_attribute'], - user_enabled_default => $domain_params_hash['user_enabled_default'], - user_enabled_mask => $domain_params_hash['user_enabled_mask'], - user_allow_create => $domain_params_hash['user_allow_create'], - user_allow_update => $domain_params_hash['user_allow_update'], - user_allow_delete => $domain_params_hash['user_allow_delete'], - group_tree_dn => $domain_params_hash['group_tree_dn'], - group_filter => $domain_params_hash['group_filter'], - group_objectclass => $domain_params_hash['group_objectclass'], - group_id_attribute => $domain_params_hash['group_id_attribute'], - group_name_attribute => $domain_params_hash['group_name_attribute'], - group_member_attribute => $domain_params_hash['group_member_attribute'], - group_desc_attribute => $domain_params_hash['group_desc_attribute'], - group_allow_create => $domain_params_hash['group_allow_create'], - group_allow_update => $domain_params_hash['group_allow_update'], - group_allow_delete => $domain_params_hash['group_allow_delete'], - page_size => 
$domain_params_hash['page_size'], - chase_referrals => $domain_params_hash['chase_referrals'], + user_filter => $user_filter, + user_objectclass => $user_objectclass, + user_id_attribute => $user_id_attribute, + user_name_attribute => $user_name_attribute, + user_pass_attribute => $user_pass_attribute, + user_enabled_attribute => $user_enabled_attribute, + user_enabled_default => $user_enabled_default, + user_enabled_mask => $user_enabled_mask, + user_allow_create => $user_allow_create, + user_allow_update => $user_allow_update, + user_allow_delete => $user_allow_delete, + group_tree_dn => $group_tree_dn, + group_filter => $group_filter, + group_objectclass => $group_objectclass, + group_id_attribute => $group_id_attribute, + group_name_attribute => $group_name_attribute, + group_member_attribute => $group_member_attribute, + group_desc_attribute => $group_desc_attribute, + group_allow_create => $group_allow_create, + group_allow_update => $group_allow_update, + group_allow_delete => $group_allow_delete, + page_size => $page_size, + chase_referrals => $chase_referrals, } }
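Review bot: In the non-proxy branch `$tls` falls back to `default => false`, and `$use_tls` is now an optional parameter defaulting to `undef`, so an omitted or mistyped value (`TRUE`, `yes`, a trailing space) quietly configures the domain without TLS. The bind password would then presumably travel unencrypted unless the URL itself is `ldaps://`. I would fail on anything that is not an explicit true/false, e.g. `if $use_tls and $use_tls !~ /^([Tt]rue|[Ff]alse)$/ { fail("plugin_ldap: use_tls for ${domain} must be true or false") }`, placed before the selector. The start of the define is outside this hunk.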