X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=puppet%2Fservices%2Fkeystone.yaml;h=8a0e750d893b94677c86515a4ea789cbde387931;hb=8eaecb64893ff7ebeaca14eb5172e3320202343b;hp=0976b97c87a6f0340f3a39359d9b25b24d7d41ef;hpb=cd6128d0a54989926709f42b7be80bf5daba2f8f;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 0976b97c..8a0e750d 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -119,27 +119,27 @@ parameters:
         Cron to purge expired tokens - Ensure
     default: 'present'
   KeystoneCronTokenFlushMinute:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Minute
     default: '1'
   KeystoneCronTokenFlushHour:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Hour
-    default: '0'
+    default: '*'
   KeystoneCronTokenFlushMonthday:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Month Day
     default: '*'
   KeystoneCronTokenFlushMonth:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Month
     default: '*'
   KeystoneCronTokenFlushWeekday:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Week Day
     default: '*'
@@ -164,6 +164,16 @@ parameters:
       e.g. { keystone-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
     default: {}
     type: json
+  KeystoneLDAPDomainEnable:
+    description: Trigger to call ldap_backend puppet keystone define.
+    type: boolean
+    default: False
+  KeystoneLDAPBackendConfigs:
+    description: Hash containing the configurations for the LDAP backends
+                 configured in keystone.
+    type: json
+    default: {}
+    hidden: true
 
 resources:
 
@@ -177,6 +187,7 @@ resources:
 
 conditions:
   keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+  keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]}
 
 outputs:
   role_data:
@@ -300,6 +311,15 @@ outputs:
             keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay}
             keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination}
             keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser}
+          -
+            if:
+            - keystone_ldap_domain_enabled
+            -
+              tripleo::profile::base::keystone::ldap_backend_enable: True
+              keystone::using_domain_config: True
+              tripleo::profile::base::keystone::ldap_backends_config:
+                get_param: KeystoneLDAPBackendConfigs
+            - {}
 
       step_config: |
         include ::tripleo::profile::base::keystone
@@ -312,6 +332,13 @@ outputs:
           keystone::db::mysql::allowed_hosts:
             - '%'
             - "%{hiera('mysql_bind_host')}"
+        horizon:
+          if:
+          - keystone_ldap_domain_enabled
+          -
+            horizon::keystone_multidomain_support: true
+            horizon::keystone_default_domain: 'Default'
+          - {}
       # Ansible tasks to handle upgrade
       upgrade_tasks:
         - name: Stop keystone service (running under httpd)