support Keystone with read-only LDAP identity backend

Bug #1391373 reported by Richard Megginson
Affects          Status        Importance  Assigned to        Milestone
puppet-keystone  Fix Released  Undecided   Richard Megginson
Icehouse         Won't Fix     Undecided   Unassigned
Juno             Fix Released  Undecided   Unassigned

Bug Description

Many organizations have LDAP servers with users that they want to use with OpenStack via Keystone, but they don't want Keystone to have write access to the LDAP server; they just want Keystone to be able to use the authentication, user, and group information. Puppet should have a way to install Keystone to use a read-only LDAP identity backend.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/133601

Changed in puppet-keystone:
assignee: nobody → Richard Megginson (rmeggins)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (master)

Reviewed: https://review.openstack.org/133601
Committed: https://git.openstack.org/cgit/stackforge/puppet-keystone/commit/?id=1b8010e44fb3a6ec8554dc813314e7e254378da9
Submitter: Jenkins
Branch: master

commit 1b8010e44fb3a6ec8554dc813314e7e254378da9
Author: Rich Megginson <email address hidden>
Date: Tue Oct 28 08:12:52 2014 -0600

    handle missing project/tenant when using ldap backend

    The project/tenant is only stored with the user when using
    the sql (default) backend. This means calls like user list
    and user show will not show the default project. For getting
    the project/tenant, if it is not present in the instances
    information provided by user list --long, we don't actually
    get the project/tenant, we just check to see if the user is
    assigned to the given tenant/project. For setting the
    project/tenant, this is usually done with user create, but when
    ldap is read-only, we have to use role add to add the user to a
    default _member_ role and at the same time assign the user to a
    given project/tenant. This also adds support for using the
    openstack $obj show commands which return --format shell output,
    and return a hash of key/value pairs.

    Closes-Bug: #1391373
    Change-Id: I9a4f72f9a1de200b324aa52eb3ea90d15423c062

Changed in puppet-keystone:
status: In Progress → Fix Committed
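
An added example (not the puppet-keystone code) of the two behaviours the commit message above describes: turning `--format shell` output into a hash of key/value pairs, and falling back to an assignment check when the user record carries no project. The sample output, the `project_id` key and the `assigned` callable are assumptions made for illustration.

```ruby
require 'shellwords'

# Constructed sample of `openstack user show <name> --format shell` output
# (name="value" lines). The LDAP-backed record carries no project field.
LDAP_USER = <<~'OUT'
  id="u-1234"
  name="alice"
  description="Directory user \"alice\" (ou=People)"
  email=""
OUT
# Same user as the sql backend would report it; `project_id` is an assumed key.
SQL_USER = LDAP_USER + %(project_id="p-42"\n)

# Split one line with Shellwords so quoting is decoded as data, never
# evaluated by a shell. Returns nil for lines that do not parse.
def split_assignment(line)
  word = Shellwords.split(line).first
  word && word.split('=', 2)
rescue ArgumentError # unmatched quote
  nil
end

# Turn --format shell output into a hash of key/value pairs.
def parse_shell_format(text)
  text.each_line.with_object({}) do |line, attrs|
    key, value = split_assignment(line.strip)
    next unless value && key =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/
    attrs[key] = value
  end
end

# Getter for the tenant property. If the record has a project (sql backend),
# report it. Otherwise (LDAP) only confirm whether the user is assigned to
# the tenant the manifest asks for. `assigned` is a hypothetical callable
# standing in for the role-assignment lookup.
def current_tenant(attrs, wanted, assigned)
  stored = attrs['project_id']
  return stored unless stored.nil? || stored.empty?
  assigned.call(attrs['name'], wanted) ? wanted : nil
end
```

With a read-only directory the setter side cannot write the project onto the user either, which is why the commit grants the `_member_` role on the project instead.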
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/150041

OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/juno)

Reviewed: https://review.openstack.org/150041
Committed: https://git.openstack.org/cgit/stackforge/puppet-keystone/commit/?id=8cc6ec605954cf46cb321d644b07d9fe43795823
Submitter: Jenkins
Branch: stable/juno

commit 8cc6ec605954cf46cb321d644b07d9fe43795823
Author: Rich Megginson <email address hidden>
Date: Tue Oct 28 08:12:52 2014 -0600

    handle missing project/tenant when using ldap backend

    The project/tenant is only stored with the user when using
    the sql (default) backend. This means calls like user list
    and user show will not show the default project. For getting
    the project/tenant, if it is not present in the instances
    information provided by user list --long, we don't actually
    get the project/tenant, we just check to see if the user is
    assigned to the given tenant/project. For setting the
    project/tenant, this is usually done with user create, but when
    ldap is read-only, we have to use role add to add the user to a
    default _member_ role and at the same time assign the user to a
    given project/tenant. This also adds support for using the
    openstack $obj show commands which return --format shell output,
    and return a hash of key/value pairs.

    Closes-Bug: #1391373
    Change-Id: I9a4f72f9a1de200b324aa52eb3ea90d15423c062
    (cherry picked from commit 1b8010e44fb3a6ec8554dc813314e7e254378da9)

tags: added: in-stable-juno
Mathieu Gagné (mgagne)
Changed in puppet-keystone:
milestone: none → 6.0.0
Matt Fischer (mfisch)
Changed in puppet-keystone:
status: Fix Committed → Fix Released
Mathieu Gagné (mgagne)
Changed in puppet-keystone:
status: Fix Released → Fix Committed
Mathieu Gagné (mgagne)
Changed in puppet-keystone:
status: Fix Committed → Fix Released