d8094c2a11
"cryptography" and "pydantic" depend on "maturin", which fails to install from source. "cryptography" was already added to the "charm-binary-python-packages" list, allowing prebuilt packages to be used. However, our uv.lock files contain a slightly older version so charmcraft attempts to install it from source and fails: ModuleNotFoundError: No module named 'puccinialin' This patch will fix the build failures by: * updating the uv.lock files (tox -e lock) * adding pydantic to the list of binary packages Cryptography 44.0.2 currently fails to install: https://pastebin.canonical.com/p/Z4ZZhqWwtV/plain/ Change-Id: Ibfe555df7f72b867ad92c3bb00bb6fa576d7b0fc
89 lines
2.5 KiB
YAML
89 lines
2.5 KiB
YAML
type: charm
|
|
title: Keystone LDAP integration
|
|
name: keystone-ldap-k8s
|
|
summary: Keystone Domain backend for LDAP or Active Directory
|
|
description: |
|
|
Keystone support the use of domain specific identity drivers,
|
|
allowing different types of authentication backend to be deployed in a single Keystone
|
|
deployment. This charm supports use of LDAP or Active Directory domain backends,
|
|
with configuration details provided by charm configuration options.
|
|
|
|
base: ubuntu@24.04
|
|
platforms:
|
|
amd64:
|
|
|
|
config:
|
|
options:
|
|
domain-name:
|
|
type: string
|
|
default: null
|
|
description: |
|
|
Name of the keystone domain to configure; defaults to the deployed
|
|
application name.
|
|
ldap-config-flags:
|
|
type: string
|
|
default: null
|
|
description: |
|
|
The are ~50 LDAP configuration options supported by keystone.
|
|
Use a json like string with double quotes
|
|
and braces around all the options and single quotes around complex values.
|
|
"{user_tree_dn: 'DC=dc1,DC=ad,DC=example,DC=com',
|
|
user_allow_create: False,
|
|
user_allow_delete: False}"
|
|
See the README for more details.
|
|
tls-ca-ldap:
|
|
type: string
|
|
default: null
|
|
description: |
|
|
This option controls which certificate (or a chain) will be used to connect
|
|
to an ldap server(s) over TLS. Certificate contents should be either used
|
|
directly or included via include-file://
|
|
An LDAP url should also be considered as ldaps and StartTLS are both valid
|
|
methods of using TLS (see RFC 4513) with StartTLS using a non-ldaps url which,
|
|
of course, still requires a CA certificate.
|
|
|
|
requires:
|
|
logging:
|
|
interface: loki_push_api
|
|
optional: true
|
|
tracing:
|
|
interface: tracing
|
|
optional: true
|
|
limit: 1
|
|
|
|
provides:
|
|
domain-config:
|
|
interface: keystone-domain-config
|
|
|
|
peers:
|
|
peers:
|
|
interface: keystone-dc-peer
|
|
|
|
parts:
|
|
update-certificates:
|
|
plugin: nil
|
|
override-build: |
|
|
apt update
|
|
apt install -y ca-certificates
|
|
update-ca-certificates
|
|
charm:
|
|
after:
|
|
- update-certificates
|
|
build-packages:
|
|
- git
|
|
- libffi-dev
|
|
- libssl-dev
|
|
- pkg-config
|
|
- rustc-1.80
|
|
- cargo-1.80
|
|
charm-binary-python-packages:
|
|
- cryptography
|
|
- jsonschema
|
|
- jinja2
|
|
- pydantic
|
|
build-snaps: [astral-uv]
|
|
override-build: |
|
|
uv export --frozen --no-hashes --format=requirements-txt -o requirements.txt
|
|
craftctl default
|
|
charm-requirements: [requirements.txt]
|