From cd77058ee0e974bd9bd7acaf8426ef24ea9a7a52 Mon Sep 17 00:00:00 2001
From: Alex Rudenko <alexei.rudenko@gmail.com>
Date: Sun, 1 Sep 2013 16:26:03 +0200
Subject: [PATCH] blueprint devstack-support-for-keystone-mixbackend

Added KEYSTONE_ASSIGNMENT_BACKEND to support mixed backend

Modified code for KEYSTONE_IDENTITY_BACKEND according to comments.
Implemented the check for variables instead of case statements.
UPD: Removed arrays.
UPD2: fixed spacing issues
Change-Id: Ie92eed1fb5be5f875ef6633ede9c9e08daf6bf4f
Implements: devstack-support-for-keystone-mixbackend
---
 lib/keystone | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 lib/keystone

diff --git a/lib/keystone b/lib/keystone
old mode 100644
new mode 100755
index 535710f52b..3642904e1c
--- a/lib/keystone
+++ b/lib/keystone
@@ -44,6 +44,12 @@ KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
 # Select the backend for Tokens
 KEYSTONE_TOKEN_BACKEND=${KEYSTONE_TOKEN_BACKEND:-sql}
 
+# Select the backend for Identity
+KEYSTONE_IDENTITY_BACKEND=${KEYSTONE_IDENTITY_BACKEND:-sql}
+
+# Select the backend for Assignment
+KEYSTONE_ASSIGNMENT_BACKEND=${KEYSTONE_ASSIGNMENT_BACKEND:-sql}
+
 # Select Keystone's token format
 # Choose from 'UUID' and 'PKI'
 KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
@@ -63,10 +69,14 @@ KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 # Set the tenant for service accounts in Keystone
 SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
 
+# valid identity backends as per dir keystone/identity/backends
+KEYSTONE_VALID_IDENTITY_BACKENDS=kvs,ldap,pam,sql
+
+# valid assignment backends as per dir keystone/identity/backends
+KEYSTONE_VALID_ASSIGNMENT_BACKENDS=kvs,ldap,sql
 
 # Functions
 # ---------
-
 # cleanup_keystone() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_keystone() {
@@ -116,8 +126,14 @@ function configure_keystone() {
         iniset $KEYSTONE_CONF DEFAULT member_role_name "_member_"
     fi
 
-    if [[  "$KEYSTONE_IDENTITY_BACKEND" == "ldap"  ]]; then
-        iniset $KEYSTONE_CONF identity driver "keystone.identity.backends.ldap.Identity"
+    # check if identity backend is valid
+    if [[ "$KEYSTONE_VALID_IDENTITY_BACKENDS" =~ "$KEYSTONE_IDENTITY_BACKEND" ]]; then
+        iniset $KEYSTONE_CONF identity driver "keystone.identity.backends.$KEYSTONE_IDENTITY_BACKEND.Identity"
+    fi
+
+    # check if assignment backend is valid
+    if [[ "$KEYSTONE_VALID_ASSIGNMENT_BACKENDS" =~ "$KEYSTONE_ASSIGNMENT_BACKEND" ]]; then
+        iniset $KEYSTONE_CONF assignment driver "keystone.assignment.backends.$KEYSTONE_ASSIGNMENT_BACKEND.Assignment"
     fi
 
     # Set the URL advertised in the ``versions`` structure returned by the '/' route