Merge "Adjustment keystone configuration for Pike release"
diff --git a/_modules/keystone_policy.py b/_modules/keystone_policy.py
index 4e3ae6d..2e79f22 100644
--- a/_modules/keystone_policy.py
+++ b/_modules/keystone_policy.py
@@ -2,10 +2,56 @@
 import json
 import logging
 
-import yaml
-
 LOG = logging.getLogger(__name__)
 
+import yaml
+import yaml.constructor
+
+try:
+    # included in standard lib from Python 2.7
+    from collections import OrderedDict
+except ImportError:
+    # try importing the backported drop-in replacement
+    # it's available on PyPI
+    from ordereddict import OrderedDict
+
+# https://stackoverflow.com/questions/5121931/in-python-how-can-you-load-yaml-mappings-as-ordereddicts
+class OrderedDictYAMLLoader(yaml.Loader):
+    """
+    A YAML loader that loads mappings into ordered dictionaries.
+    """
+
+    def __init__(self, *args, **kwargs):
+        yaml.Loader.__init__(self, *args, **kwargs)
+
+        self.add_constructor(u'tag:yaml.org,2002:map', type(self).construct_yaml_map)
+        self.add_constructor(u'tag:yaml.org,2002:omap', type(self).construct_yaml_map)
+
+    def construct_yaml_map(self, node):
+        data = OrderedDict()
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_mapping(self, node, deep=False):
+        if isinstance(node, yaml.MappingNode):
+            self.flatten_mapping(node)
+        else:
+            raise yaml.constructor.ConstructorError(None, None,
+                'expected a mapping node, but found %s' % node.id, node.start_mark)
+
+        mapping = OrderedDict()
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            try:
+                hash(key)
+            except TypeError, exc:
+                raise yaml.constructor.ConstructorError('while constructing a mapping',
+                    node.start_mark, 'found unacceptable key (%s)' % exc, key_node.start_mark)
+            value = self.construct_object(value_node, deep=deep)
+            mapping[key] = value
+        return mapping
+
 
 def __virtual__():
     return True
@@ -14,8 +60,7 @@
 def rule_list(path, **kwargs):
     try:
         with io.open(path, 'r') as file_handle:
-            rules = yaml.safe_load(file_handle) or {}
-        rules = {str(k): str(v) for (k, v) in rules.items()}
+            rules = yaml.load(file_handle, OrderedDictYAMLLoader) or OrderedDict()
     except Exception as e:
         msg = "Unable to load policy file %s: %s" % (path, repr(e))
         LOG.debug(msg)
diff --git a/keystone/server.sls b/keystone/server.sls
index 0e0136a..9996eb3 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -337,6 +337,8 @@
   - require:
     - keystone: keystone_service_tenant
 
+{%- if not server.get('ldap', {}).get('read_only', False) %}
+
 keystone_admin_user:
   keystone.user_present:
   - name: {{ server.admin_name }}
@@ -354,6 +356,8 @@
 
 {%- endif %}
 
+{%- endif %}
+
 {%- for service_name, service in server.get('service', {}).iteritems() %}
 
 keystone_{{ service_name }}_service: