Make user creation optional when creating service.

In some cases it is useful to be able to just configure the service in Keystone and not the service user. This is the case when e.g. a read only LDAP backend is used. Added a parameter configure_user (defaults to true). Closes-Bug: 1360232 Change-Id: I8f6d6f3903b9140bf22c676b3661c2dda5766db6
xbezdick · Sep 11, 2014 · 55c122c · 55c122c
1 parent e381349
commit 55c122c
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 11 deletions.
diff --git a/manifests/roles/admin.pp b/manifests/roles/admin.pp
@@ -17,6 +17,8 @@
 # [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
 # [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
 # [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
+# [configure_user] Optional. Should the admin user be created? Defaults to 'true'.
+# [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'.
 #
 # == Dependencies
 # == Examples
@@ -37,6 +39,8 @@
   $ignore_default_tenant  = false,
   $admin_tenant_desc      = 'admin tenant',
   $service_tenant_desc    = 'Tenant for the openstack services',
+  $configure_user         = true,
+  $configure_user_role    = true,
 ) {
 
   keystone_tenant { $service_tenant:
@@ -49,20 +53,26 @@
     enabled     => true,
     description => $admin_tenant_desc,
   }
-  keystone_user { $admin:
-    ensure                => present,
-    enabled               => true,
-    tenant                => $admin_tenant,
-    email                 => $email,
-    password              => $password,
-    ignore_default_tenant => $ignore_default_tenant,
-  }
   keystone_role { 'admin':
     ensure => present,
   }
-  keystone_user_role { "${admin}@${admin_tenant}":
-    ensure => present,
-    roles  => 'admin',
+
+  if $configure_user {
+    keystone_user { $admin:
+      ensure                => present,
+      enabled               => true,
+      tenant                => $admin_tenant,
+      email                 => $email,
+      password              => $password,
+      ignore_default_tenant => $ignore_default_tenant,
+    }
+  }
+
+  if $configure_user_role {
+    keystone_user_role { "${admin}@${admin_tenant}":
+      ensure => present,
+      roles  => 'admin',
+    }
   }
 
 }
diff --git a/spec/classes/keystone_roles_admin_spec.rb b/spec/classes/keystone_roles_admin_spec.rb
@@ -77,4 +77,31 @@
 
   end
 
+  describe 'when disabling user configuration' do
+    before do
+      let :params do
+        {
+          :configure_user => false
+        }
+      end
+
+      it { should_not contain_keystone_user('keystone') }
+      it { should contain_keystone_user_role('keystone@openstack') }
+    end
+  end
+
+  describe 'when disabling user and role configuration' do
+    before do
+      let :params do
+        {
+          :configure_user       => false,
+          :configure_user_role  => false
+        }
+      end
+
+      it { should_not contain_keystone_user('keystone') }
+      it { should_not contain_keystone_user_role('keystone@openstack') }
+    end
+  end
+
 end