diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 084806b8b..2bc061f42 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -19,6 +19,13 @@
 # [*configure_endpoint*]
 # Should Neutron endpoint be configured? Defaults to 'true'.
 #
+# [*configure_user*]
+# Should the Neutron service user be configured? Defaults to 'true'.
+#
+# [*configure_user_role*]
+# Should the admin role be configured for the service user?
+# Defaults to 'true'.
+#
 # [*service_name*]
 # Name of the service. Defaults to the value of auth_name.
 #
@@ -54,21 +61,23 @@
 #
 class neutron::keystone::auth (
 $password,
- $auth_name = 'neutron',
- $email = 'neutron@localhost',
- $tenant = 'services',
- $configure_endpoint = true,
- $service_name = undef,
- $service_type = 'network',
- $public_protocol = 'http',
- $public_address = '127.0.0.1',
- $admin_protocol = 'http',
- $admin_address = '127.0.0.1',
- $internal_protocol = 'http',
- $internal_address = '127.0.0.1',
- $port = '9696',
- $public_port = undef,
- $region = 'RegionOne'
+ $auth_name = 'neutron',
+ $email = 'neutron@localhost',
+ $tenant = 'services',
+ $configure_endpoint = true,
+ $configure_user = true,
+ $configure_user_role = true,
+ $service_name = undef,
+ $service_type = 'network',
+ $public_protocol = 'http',
+ $public_address = '127.0.0.1',
+ $admin_protocol = 'http',
+ $admin_address = '127.0.0.1',
+ $internal_protocol = 'http',
+ $internal_address = '127.0.0.1',
+ $port = '9696',
+ $public_port = undef,
+ $region = 'RegionOne'
 ) {
 if $service_name == undef {
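Review bot: The two new parameter descriptions in the first hunk do not say what `false` means for state that already exists in Keystone. Leaving a resource out of the catalog only stops Puppet from managing it, so `configure_user_role => false` does not revoke an admin role that an earlier run granted, and `configure_user => false` leaves the existing account and its password untouched. I would extend the `configure_user_role` text with something like `#   Setting this to false stops managing the role; it does not remove an existing assignment.` and add the matching sentence for `configure_user`.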
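Review bot: `$configure_user` and `$configure_user_role` are accepted in the class signature without a type check, and in Puppet any non-empty string is truthy, so a value of `'false'` arriving as a string would still create the user and grant it the admin role. If puppetlabs-stdlib is available to this module (not visible in this diff), `validate_bool($configure_user, $configure_user_role)` at the top of the class body would turn that misconfiguration into a compile-time failure. `$password` also stays mandatory although it is unused when `configure_user` is false, which is worth stating in its parameter documentation. The class body continues outside this hunk.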
@@ -77,25 +86,32 @@ $real_service_name = $service_name } - Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'neutron-server' |> - Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'neutron-server' |> - if ! $public_port { $real_public_port = $port } else { $real_public_port = $public_port } - keystone_user { $auth_name: - ensure => present, - password => $password, - email => $email, - tenant => $tenant, + Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'neutron-server' |> + + if $configure_user { + keystone_user { $auth_name: + ensure => present, + password => $password, + email => $email, + tenant => $tenant, + } } - keystone_user_role { "${auth_name}@${tenant}": - ensure => present, - roles => 'admin', + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'neutron-server' |> + + keystone_user_role { "${auth_name}@${tenant}": + ensure => present, + roles => 'admin', + } } + keystone_service { $real_service_name: ensure => present, type => $service_type, diff --git a/spec/classes/neutron_keystone_auth_spec.rb b/spec/classes/neutron_keystone_auth_spec.rb index 8511b2aaa..db2ed2bea 100644 --- a/spec/classes/neutron_keystone_auth_spec.rb +++ b/spec/classes/neutron_keystone_auth_spec.rb 
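Review bot: With `configure_user => false` and `configure_user_role` left at its default, the `keystone_user_role` resource is still declared for `"${auth_name}@${tenant}"` while nothing in this class declares or orders against the user it refers to. Whether the `keystone_user_role` type orders itself after a user declared elsewhere is not visible here, so the run presumably depends on that account already existing. A comment above the second conditional would record the expectation, for example `# When $configure_user is false the user must be created elsewhere before this role is applied.` The `keystone_service` resource continues past the end of the hunk.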
@@ -132,4 +132,47 @@
 end
+ describe 'when disabling user configuration' do
+
+ let :params do
+ {
+ :password => 'neutron_password',
+ :configure_user => false
+ }
+ end
+
+ it { should_not contain_keystone_user('neutron') }
+
+ it { should contain_keystone_user_role('neutron@services') }
+
+ it { should contain_keystone_service('neutron').with(
+ :ensure => 'present',
+ :type => 'network',
+ :description => 'Neutron Networking Service'
+ ) }
+
+ end
+
+ describe 'when disabling user and user role configuration' do
+
+ let :params do
+ {
+ :password => 'neutron_password',
+ :configure_user => false,
+ :configure_user_role => false
+ }
+ end
+
+ it { should_not contain_keystone_user('neutron') }
+
+ it { should_not contain_keystone_user_role('neutron@services') }
+
+ it { should contain_keystone_service('neutron').with(
+ :ensure => 'present',
+ :type => 'network',
+ :description => 'Neutron Networking Service'
+ ) }
+
+ end
+
 end
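Review bot: The new contexts cover `configure_user => false` alone and both flags false, but not `configure_user_role => false` with the user still managed, which is the combination that creates the service account without the admin role. None of the new contexts checks the notify relationship to `neutron-server` that the manifest now declares only inside the role conditional. I would add a third `describe` block for the missing combination, placed next to the two added here.

```ruby
  describe 'when disabling only user role configuration' do

    let :params do
      {
        :password            => 'neutron_password',
        :configure_user_role => false
      }
    end

    it { should contain_keystone_user('neutron') }

    it { should_not contain_keystone_user_role('neutron@services') }

  end
```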