Multi-domain fixes
diff --git a/README.rst b/README.rst
index ae0bd39..d1f0602 100644
--- a/README.rst
+++ b/README.rst
@@ -167,6 +167,7 @@
keystone:
server:
domain:
+ description: "Testing domain"
backend: ldap
assignment:
backend: sql
diff --git a/keystone/files/keystone.domain.conf b/keystone/files/keystone.domain.conf
index 9bf4271..d87b6d9 100644
--- a/keystone/files/keystone.domain.conf
+++ b/keystone/files/keystone.domain.conf
@@ -1,9 +1,5 @@
{% from "keystone/map.jinja" import server with context %}
-{%- for name, dm in server.domain.iteritems() %}
-{%- if name == domain_name %}
-{%- set domain = dm %}
-{%- endif %}
-{%- endfor %}
+{%- set domain = server.domain.get(domain_name) %}
{%- if domain.get("backend", "sql") == "ldap" %}
[ldap]
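Review bot: `server.domain.get(domain_name)` returns None when the pillar has no entry under that name, and the very next line calls `domain.get(...)` on the result, so rendering would fail with an error that does not point at the missing domain. The loop that supplies `domain_name` is not visible in this diff, so this may be unreachable today, but the template itself does not state or check that precondition. Consider `{%- set domain = server.domain[domain_name] %}` so a bad key surfaces at the lookup, or add a template comment that `domain_name` must be a key of `server.domain`. The `if` opened on the following line closes outside this hunk.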
@@ -36,9 +32,9 @@
group_allow_update = false
group_allow_delete = false
-{%- if ldap.get("tls", {}).get("enabled", true) %}
+{%- if domain.ldap.get("tls", {}).get("enabled", False) %}
use_tls = true
-{%- if ldap.tls.cacertfile %}
+{%- if domain.ldap.tls.cacertfile is defined %}
tls_cacertfile = /etc/ipa/ca.crt
{%- endif %}
{%- endif %}
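Review bot: The fallback for `tls.enabled` changes from `true` to `False` on the new `domain.ldap.get("tls", {})` line, so a domain whose pillar omits the `tls` key now renders without `use_tls`, and binds and user passwords would cross the network unencrypted unless the LDAP URL itself is ldaps (not visible in this hunk). Keeping the secure default, `{%- if domain.ldap.get("tls", {}).get("enabled", True) %}`, or at least documenting the opt-in next to the `domain` example in the README, avoids a silent downgrade when existing deployments pick up this change. Separately, the `cacertfile is defined` test only checks that the key exists while the rendered path stays hard-coded; `tls_cacertfile = {{ domain.ldap.tls.cacertfile }}` would honour the configured CA bundle.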
diff --git a/keystone/files/kilo/keystone.conf.Debian b/keystone/files/kilo/keystone.conf.Debian
index 29ec0ef..29b91dc 100644
--- a/keystone/files/kilo/keystone.conf.Debian
+++ b/keystone/files/kilo/keystone.conf.Debian
@@ -706,7 +706,7 @@
# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API.
# There is nothing special about this domain, other than the fact that it must
# exist to order to maintain support for your v2 clients. (string value)
-{%- if server.get('domain' {}) %}
+{%- if server.get('domain', {}) %}
{%- for name, domain in server.domain.iteritems() %}
{%- if domain.get('default', False) %}
default_domain_id = {{ name }}
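Review bot: With the guard now parsing, the loop below it writes the pillar key into `default_domain_id = {{ name }}`, and that option is described in the comment above as an ID, so this presumably only works when the pillar key equals the domain's ID in Keystone; that should be confirmed. Nothing visible stops two domains from both carrying `default: True`, in which case the option would be emitted twice and the domain that v2 clients land in becomes ambiguous. A template comment such as `{#- exactly one domain may set default; its key must equal the Keystone domain ID -#}` would document the constraint. The same applies to the matching hunk in liberty/keystone.conf.Debian; the `for` and `if` blocks close outside this hunk.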
@@ -720,7 +720,7 @@
# setting of domain_configurations_from_database). Only values specific to the
# domain need to be specified in this manner. This feature is disabled by
# default; set to true to enable. (boolean value)
-{%- if server.get('domain' {}) %}
+{%- if server.get('domain', {}) %}
domain_specific_drivers_enabled = true
{%- endif %}
@@ -733,7 +733,7 @@
# Path for Keystone to locate the domain specific identity configuration files
# if domain_specific_drivers_enabled is set to true. (string value)
-{%- if server.get('domain' {}) %}
+{%- if server.get('domain', {}) %}
domain_config_dir = /etc/keystone/domains
{%- endif %}
diff --git a/keystone/files/liberty/keystone.conf.Debian b/keystone/files/liberty/keystone.conf.Debian
index 02925bc..9e06d1b 100644
--- a/keystone/files/liberty/keystone.conf.Debian
+++ b/keystone/files/liberty/keystone.conf.Debian
@@ -832,7 +832,7 @@
# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API.
# There is nothing special about this domain, other than the fact that it must
# exist to order to maintain support for your v2 clients. (string value)
-{%- if server.get('domain' {}) %}
+{%- if server.get('domain', {}) %}
{%- for name, domain in server.domain.iteritems() %}
{%- if domain.get('default', False) %}
default_domain_id = {{ name }}
@@ -846,7 +846,7 @@
# setting of domain_configurations_from_database). Only values specific to the
# domain need to be specified in this manner. This feature is disabled by
# default; set to true to enable. (boolean value)
-{%- if server.get('domain' {}) %}
+{%- if server.get('domain', {}) %}
domain_specific_drivers_enabled = true
{%- endif %}
@@ -859,7 +859,7 @@
# Path for Keystone to locate the domain specific identity configuration files
# if domain_specific_drivers_enabled is set to true. (string value)
-{%- if server.get('domain' {}) %}
+{%- if server.get('domain', {}) %}
domain_config_dir = /etc/keystone/domains
{%- endif %}
diff --git a/keystone/server.sls b/keystone/server.sls
index 926614f..6173ec6 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -66,12 +66,13 @@
/etc/keystone/domains/keystone.{{ domain_name }}.conf:
file.managed:
- source: salt://keystone/files/keystone.domain.conf
+ - template: jinja
- require:
- file: /etc/keystone/domains
- watch_in:
- service: keystone_service
- defaults:
- - domain_name: {{ domain_name }}
+ domain_name: {{ domain_name }}
keystone_domain_{{ domain_name }}:
cmd.run:
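Review bot: The `file.managed` state for `/etc/keystone/domains/keystone.{{ domain_name }}.conf` sets no owner or mode, so the rendered file gets whatever defaults apply on the minion; since the template emits an `[ldap]` section that may carry bind credentials (not visible in this diff), restrict it explicitly with `- user: keystone`, `- group: keystone`, `- mode: "0640"` (account name assumed, confirm against the package). The new `domain_name: {{ domain_name }}` default is also unquoted, so a name that YAML reads as a boolean or number would be retyped when the rendered SLS is parsed and the `server.domain.get(domain_name)` lookup in the template could miss; `domain_name: "{{ domain_name }}"` keeps it a string. The `keystone_domain_{{ domain_name }}` state that follows continues outside the hunk.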