Skip to content

Commit

Permalink
Merge "Add keystone::resource::service_identity"
Browse files Browse the repository at this point in the history
  • Loading branch information
@openstack-gerrit
Jenkins authored and openstack-gerrit committed Nov 19, 2014
2 parents e1d96ec + 183650c commit 776006f
Show file tree
Hide file tree
Showing 3 changed files with 261 additions and 11 deletions.
22 changes: 11 additions & 11 deletions manifests/endpoint.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@
$admin_port = undef,
) {

warning('keystone::endpoint class is deprecated, use keystone::resource::service_identity instead.')

if $public_port {
warning('The public_port parameter is deprecated, use public_url instead.')
}
Expand Down Expand Up @@ -144,17 +146,15 @@
"#{@admin_url}/#{@version}"
end %>')

keystone_service { 'keystone':
ensure => present,
type => 'identity',
description => 'OpenStack Identity Service',
keystone::resource::service_identity { 'keystone':
configure_user => false,
configure_user_role => false,
service_type => 'identity',
service_description => 'OpenStack Identity Service',
public_url => $public_url_real,
admin_url => $admin_url_real,
internal_url => $internal_url_real,
region => $region,
}

keystone_endpoint { "${region}/keystone":
ensure => present,
public_url => $public_url_real,
admin_url => $admin_url_real,
internal_url => $internal_url_real,
region => $region,
}
}
161 changes: 161 additions & 0 deletions manifests/resource/service_identity.pp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
#
# Copyright (C) 2014 eNovance SAS <[email protected]>
#
# Author: Emilien Macchi <[email protected]>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Definition: keystone::resource::service_identity
#
# This resource configures Keystone resources for an OpenStack service.
#
# == Parameters:
#
# [*password*]
# Password to create for the service user;
# string; required
#
# [*auth_name*]
# The name of the service user;
# string; optional; default to the $title of the resource, i.e. 'nova'
#
# [*service_name*]
# Name of the service;
# string; required
#
# [*service_type*]
# Type of the service;
# string; required
#
# [*service_description*]
# Description of the service;
# string; optional: default to '$name service'
#
# [*public_url*]
# Public endpoint URL;
# string; required
#
# [*internal_url*]
# Internal endpoint URL;
# string; required
#
# [*admin_url*]
# Admin endpoint URL;
# string; required
#
# [*region*]
# Endpoint region;
# string; optional: default to 'RegionOne'
#
# [*tenant*]
# Service tenant;
# string; optional: default to 'services'
#
# [*ignore_default_tenant*]
# Ignore setting the default tenant value when the user is created.
# string; optional: default to false
#
# [*roles*]
# List of roles;
# string; optional: default to ['admin']
#
# [*domain*]
# User domain (keystone v3), not implemented yet.
# string; optional: default to undef
#
# [*email*]
# Service email;
# string; optional: default to '$auth_name@localhost'
#
# [*configure_endpoint*]
# Whether to create the endpoint.
# string; optional: default to True
#
# [*configure_user*]
# Whether to create the user.
# string; optional: default to True
#
# [*configure_user_role*]
# Whether to create the user role.
# string; optional: default to True
#
# [*configure_service*]
# Whether to create the service.
# string; optional: default to True
#
define keystone::resource::service_identity(
$admin_url = false,
$internal_url = false,
$password = false,
$public_url = false,
$service_type = false,
$auth_name = $name,
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
$configure_service = true,
$domain = undef,
$email = "${name}@localhost",
$region = 'RegionOne',
$service_name = undef,
$service_description = "${name} service",
$tenant = 'services',
$ignore_default_tenant = false,
$roles = ['admin'],
) {

if $domain {
warning('Keystone domains are not yet managed by puppet-keystone.')
}

if $service_name == undef {
$service_name_real = $auth_name
} else {
$service_name_real = $service_name
}

if $configure_user {
ensure_resource('keystone_user', $auth_name, {
'ensure' => 'present',
'enabled' => true,
'password' => $password,
'email' => $email,
'tenant' => $tenant,
'ignore_default_tenant' => $ignore_default_tenant,
})
}

if $configure_user_role {
ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
'ensure' => 'present',
'roles' => $roles,
})
}

if $configure_service {
ensure_resource('keystone_service', $service_name_real, {
'ensure' => 'present',
'type' => $service_type,
'description' => $service_description,
})
}

if $configure_endpoint {
ensure_resource('keystone_endpoint', "${region}/${service_name_real}", {
'ensure' => 'present',
'public_url' => $public_url,
'admin_url' => $admin_url,
'internal_url' => $internal_url,
})
}
}
89 changes: 89 additions & 0 deletions spec/defines/keystone_resource_service_identity_spec.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
#
# Copyright (C) 2014 eNovance SAS <[email protected]>
#
# Author: Emilien Macchi <[email protected]>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

require 'spec_helper'

describe 'keystone::resource::service_identity' do

let (:title) { 'neutron' }

let :required_params do
{ :password => 'secrete',
:service_type => 'network',
:admin_url => 'http://192.168.0.1:9696',
:internal_url => 'http://10.0.0.1:9696',
:public_url => 'http://7.7.7.7:9696' }
end

shared_examples 'keystone::resource::service_identity examples' do

context 'with only required parameters' do
let :params do
required_params
end

it { should contain_keystone_user(title).with(
:ensure => 'present',
:password => 'secrete',
:email => 'neutron@localhost',
:tenant => 'services',
)}

it { should contain_keystone_user_role("#{title}@services").with(
:ensure => 'present',
:roles => 'admin',
)}

it { should contain_keystone_service(title).with(
:ensure => 'present',
:type => 'network',
:description => 'neutron service',
)}

it { should contain_keystone_endpoint("RegionOne/#{title}").with(
:ensure => 'present',
:public_url => 'http://7.7.7.7:9696',
:internal_url => 'http://10.0.0.1:9696',
:admin_url => 'http://192.168.0.1:9696',
)}
end

context 'when omitting a required parameter password' do
let :params do
required_params.delete(:password)
end
it { expect { should raise_error(Puppet::Error) } }
end

end

context 'on a Debian osfamily' do
let :facts do
{ :osfamily => "Debian" }
end

include_examples 'keystone::resource::service_identity examples'
end

context 'on a RedHat osfamily' do
let :facts do
{ :osfamily => 'RedHat' }
end

include_examples 'keystone::resource::service_identity examples'
end
end

0 comments on commit 776006f

Please sign in to comment.