define plugin_ldap::keystone ( $domain = $name, $identity_driver = undef, $url = undef, $use_tls = undef, $ca_chain = undef, $suffix = undef, $user = undef, $password = undef, $query_scope = undef, $user_tree_dn = undef, $user_filter = undef, $user_objectclass = undef, $user_id_attribute = undef, $user_name_attribute = undef, $user_pass_attribute = undef, $user_enabled_attribute = undef, $user_enabled_default = undef, $user_enabled_mask = undef, $user_allow_create = undef, $user_allow_update = undef, $user_allow_delete = undef, $group_tree_dn = undef, $group_filter = undef, $group_objectclass = undef, $group_id_attribute = undef, $group_name_attribute = undef, $group_member_attribute = undef, $group_desc_attribute = undef, $group_allow_create = undef, $group_allow_update = undef, $group_allow_delete = undef, $page_size = undef, $chase_referrals = undef, ){ if $use_tls { plugin_ldap::tls { "${domain}_tls_certificate" : domain_tls => $domain, ca_chain => $ca_chain, } if $ca_chain { $tls_cacertdir = '/etc/ssl/certs' } else { $tls_cacertdir = '' } } file { "/etc/keystone/domains/keystone.${domain}.conf": ensure => 'file', owner => 'root', group => 'root', mode => '0644', require => File['/etc/keystone/domains'], } File["/etc/keystone/domains/keystone.${domain}.conf"] -> Keystone_config <||> Keystone_config { provider => 'ini_setting_domain', } keystone_config { "${domain}/identity/driver": value => $identity_driver; "${domain}/ldap/url": value => $url; "${domain}/ldap/use_tls": value => $use_tls; "${domain}/ldap/tls_cacertdir": value => $tls_cacertdir; "${domain}/ldap/suffix": value => $suffix; "${domain}/ldap/user": value => $user; "${domain}/ldap/password": value => $password; "${domain}/ldap/query_scope": value => $query_scope; "${domain}/ldap/user_tree_dn": value => $user_tree_dn; "${domain}/ldap/user_filter": value => $user_filter; "${domain}/ldap/user_objectclass": value => $user_objectclass; "${domain}/ldap/user_id_attribute": value => $user_id_attribute; "${domain}/ldap/user_name_attribute": value => $user_name_attribute; "${domain}/ldap/user_pass_attribute": value => $user_pass_attribute; "${domain}/ldap/user_enabled_attribute": value => $user_enabled_attribute; "${domain}/ldap/user_enabled_default": value => $user_enabled_default; "${domain}/ldap/user_enabled_mask": value => $user_enabled_mask; "${domain}/ldap/user_allow_create": value => $user_allow_create; "${domain}/ldap/user_allow_update": value => $user_allow_update; "${domain}/ldap/user_allow_delete": value => $user_allow_delete; "${domain}/ldap/group_tree_dn": value => $group_tree_dn; "${domain}/ldap/group_filter": value => $group_filter; "${domain}/ldap/group_objectclass": value => $group_objectclass; "${domain}/ldap/group_id_attribute": value => $group_id_attribute; "${domain}/ldap/group_name_attribute": value => $group_name_attribute; "${domain}/ldap/group_member_attribute": value => $group_member_attribute; "${domain}/ldap/group_desc_attribute": value => $group_desc_attribute; "${domain}/ldap/group_allow_create": value => $group_allow_create; "${domain}/ldap/group_allow_update": value => $group_allow_update; "${domain}/ldap/group_allow_delete": value => $group_allow_delete; "${domain}/ldap/page_size": value => $page_size; "${domain}/ldap/chase_referrals": value => $chase_referrals; } keystone_domain { "${domain}": ensure => present, enabled => true, } }