keystone-ldap needs to handle complex ldap-config-flags

ubuntu@juju-daa3c6-8-lxd-0:/var/log/juju$ sudo tailf unit-keystone-ldap-0.log
2017-03-21 21:49:00 INFO domain-backend-relation-joined File "templates/keystone.conf", line 16, in top-level template code
2017-03-21 21:49:00 INFO domain-backend-relation-joined {% if options.ldap_options -%}
2017-03-21 21:49:00 INFO domain-backend-relation-joined File "/var/lib/juju/agents/unit-keystone-ldap-0/.venv/lib/python3.5/site-packages/jinja2/environment.py", line 430, in getattr
2017-03-21 21:49:00 INFO domain-backend-relation-joined return getattr(obj, attribute)
2017-03-21 21:49:00 INFO domain-backend-relation-joined File "lib/charm/openstack/keystone_ldap.py", line 40, in ldap_options
2017-03-21 21:49:00 INFO domain-backend-relation-joined hookenv.config('ldap-config-flags')
2017-03-21 21:49:00 INFO domain-backend-relation-joined File "/var/lib/juju/agents/unit-keystone-ldap-0/.venv/lib/python3.5/site-packages/charmhelpers/contrib/openstack/utils.py", line 1939, in config_flags_parser
2017-03-21 21:49:00 INFO domain-backend-relation-joined raise OSContextError
2017-03-21 21:49:00 INFO domain-backend-relation-joined charmhelpers.contrib.openstack.exceptions.OSContextError
2017-03-21 21:49:00 ERROR juju.worker.uniter.operation runhook.go:107 hook "domain-backend-relation-joined" failed: exit status 1
2017-03-21 21:54:29 INFO juju-log domain-backend:68: Reactive main running for hook domain-backend-relation-joined
2017-03-21 21:54:29 INFO juju-log domain-backend:68: Invoking reactive handler: hooks/relations/keystone-domain-backend/provides.py:25:joined
2017-03-21 21:54:29 INFO juju-log domain-backend:68: Invoking reactive handler: reactive/keystone_ldap_handlers.py:36:check_configuration
2017-03-21 21:54:31 INFO juju-log domain-backend:68: Invoking reactive handler: reactive/keystone_ldap_handlers.py:28:configure_domain_name
2017-03-21 21:54:31 INFO juju-log domain-backend:68: Creating choice loader with dirs: [['templates/'], ['/var/lib/juju/agents/unit-keystone-ldap-0/.venv/lib/python3.5/site-packages/charmhelpers/contrib/openstack/templates']]
2017-03-21 21:54:31 ERROR juju-log domain-backend:68: Invalid config value(s) at index 1
2017-03-21 21:54:31 INFO domain-backend-relation-joined Traceback (most recent call last):
2017-03-21 21:54:31 INFO domain-backend-relation-joined File "/var/lib/juju/agents/unit-keystone-ldap-0/charm/hooks/domain-backend-relation-joined", line 19, in <module>
2017-03-21 21:54:31 INFO domain-backend-relation-joined main()
2017-03-21 21:54:31 INFO domain-backend-relation-joined File "/var/lib/juju/agents/unit-keystone-ldap-0/.venv/lib/python3.5/site-packages/charms/reactive/__init__.py", line 78, in main
2017-03-21 21:54:31 INFO domain-backend-relation-joined bus.dispatch()
2017-03-21 21:54:31 INFO domain-backend-relation-joined File "/var/lib/juju/agents/unit-keystone-ldap-0/.venv/lib/python3.5/site-packages/charms/reactive/bus.py", line 434, in dispatch
2017-03-21 21:54:31 INFO domain-backend-relation-joined _invoke(other_handlers)
2017-03-21 21:54:31 INFO domain-backend-relation-joined File "/var/lib/juju/agents/unit-keystone-ldap-0/.venv/lib/python3.5/site-packages/charms/react...

The issue may actually be the extra equal signs (=) not the commas.

This turns out to be a documentation bug. The function config_flags_parser will do the right thing if and only if it is passed very specific data:

We need a pseudo-json string so that the config_flags_parser will be able to interpret what is passed as yaml. So to make the above example work do the following:

ldap-config-flags: "{
  user_tree_dn: 'DC=exampleDC,DC=exampleSUBDC,DC=example,DC=com',
  user_filter: 'memberOf=(CN=exampleCN,OU=Groups,DC=exampleDC,DC=exampleSUBDC,DC=example,DC=com)'
  }"

Note: The Double quotes and braces around the whole string. And single quotes around the values.

Leaving the bug open for the documentation change but lowering its priority.

Fix proposed to branch: master
Review: https://review.openstack.org/449357

Reviewed: https://review.openstack.org/449357
Committed: https://git.openstack.org/cgit/openstack/charm-keystone-ldap/commit/?id=1fc65c7b82eb0c739ddc0594983189da8341e105
Submitter: Jenkins
Branch: master

commit 1fc65c7b82eb0c739ddc0594983189da8341e105
Author: David Ames <email address hidden>
Date: Thu Mar 23 15:58:09 2017 -0700

    Documentation for complex LDAP options

    LDAP configurations can be quite complex. ldap-config-flags provides
    the mechanism to pass arbitrary configuration options to keystone to
    interact with LDAP.

    The original documentation only mentions a comma delimited string.
    However, the code can handle much more complicated real world
    requirements as long as they are in a string format it can consume.

    This change documents the specific string format for a complex real
    world example both in the README and in config.yaml.

    Change-Id: If95eae2a8560d9feeaff66fbe52cab6b2593f5cf
    Closes-bug: #1674841