Make user creation optional when creating service.
In some cases it is useful to be able to just configure
the service in Keystone and not the service user. This
is the case when e.g. a read only LDAP backend is used.
Added a parameter configure_user (defaults to true).
Closes-Bug: 1360232

Change-Id: Ia17fa32744bd951eac3307a858917ac1ba3be37c
Mike Dorman committed Sep 11, 2014
1 parent a95a943 commit c1102fd
Showing 4 changed files with 144 additions and 56 deletions.
67 changes: 39 additions & 28 deletions manifests/keystone/auth.pp
@@ -16,6 +16,12 @@
# [*configure_endpoint*]
# Should heat endpoint be configured? Optional. Defaults to 'true'.
#
# [*configure_user*]
# Whether to create the service user. Defaults to 'true'.
#
# [*configure_user_role*]
# Whether to configure the admin role for teh service user. Defaults to 'true'.
#
# [*service_name*]
# Name of the service. Options. Defaults to the value of auth_name.
#
@@ -47,22 +53,24 @@
# Protocol for public endpoint. Optional. Defaults to 'http'.
#
class heat::keystone::auth (
$password = false,
$email = 'heat@localhost',
$auth_name = 'heat',
$service_name = undef,
$service_type = 'orchestration',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8004',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$password = false,
$email = 'heat@localhost',
$auth_name = 'heat',
$service_name = undef,
$service_type = 'orchestration',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8004',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
) {

validate_string($password)
@@ -73,19 +81,23 @@
$real_service_name = $service_name
}

Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api' |>

keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
if $configure_user {
keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
}
}

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api' |>

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
}
}

keystone_role { 'heat_stack_user':
@@ -106,4 +118,3 @@
}
}
}
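Review bot: With `configure_user => false` and `configure_user_role` left at its default, the last changed hunk still declares `keystone_user_role { "${auth_name}@${tenant}": roles => ['admin'] }`, so the class grants `admin` to an account whose existence and credentials it no longer manages (the read-only LDAP case from the commit message). The parameter doc should say so and drop the "teh" typo, for example `# Whether to grant the 'admin' role to the service user; applies even when configure_user is false, in which case the user must already exist. Defaults to 'true'.` Separately, `validate_string($password)` stays unconditional while `$password` defaults to `false`, so a caller who disables user creation presumably still has to put a password string in the manifest that is never used; wrapping it as `if $configure_user { validate_string($password) }` would avoid that. Both points apply equally to manifests/keystone/auth_cfn.pp. The class body continues outside the visible hunks.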

67 changes: 39 additions & 28 deletions manifests/keystone/auth_cfn.pp
@@ -16,6 +16,12 @@
# [*configure_endpoint*]
# Should heat-cfn endpoint be configured? Optional. Defaults to 'true'.
#
# [*configure_user*]
# Whether to create the service user. Defaults to 'true'.
#
# [*configure_user_role*]
# Whether to configure the admin role for the service user. Defaults to 'true'.
#
# [*service_name*]
# Name of the service. Optional. Defaults to the value of auth_name.
#
@@ -47,22 +53,24 @@
# Protocol for public endpoint. Optional. Defaults to 'http'.
#
class heat::keystone::auth_cfn (
$password = false,
$email = 'heat-cfn@localhost',
$auth_name = 'heat-cfn',
$service_name = undef,
$service_type = 'cloudformation',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8000',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$password = false,
$email = 'heat-cfn@localhost',
$auth_name = 'heat-cfn',
$service_name = undef,
$service_type = 'cloudformation',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8000',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
) {

validate_string($password)
@@ -73,19 +81,23 @@
$real_service_name = $service_name
}

Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api-cfn' |>

keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
if $configure_user {
keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
}
}

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api-cfn' |>

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
}
}

keystone_service { $real_service_name:
@@ -102,4 +114,3 @@
}
}
}

33 changes: 33 additions & 0 deletions spec/classes/heat_keystone_auth_cfn_spec.rb
@@ -99,4 +99,37 @@
end
end

context 'when disabling user configuration' do
before do
params.merge!( :configure_user => false )
end

it { should_not contain_keystone_user('heat_cfn') }
it { should contain_keystone_user_role('heat-cfn@services') }

it { should contain_keystone_service('heat-cfn').with(
:ensure => 'present',
:type => 'cloudformation',
:description => 'Openstack Cloudformation Service'
)}
end

context 'when disabling user and role configuration' do
before do
params.merge!(
:configure_user => false,
:configure_user_role => false
)
end

it { should_not contain_keystone_user('heat_cfn') }
it { should_not contain_keystone_user_role('heat-cfn@services') }

it { should contain_keystone_service('heat-cfn').with(
:ensure => 'present',
:type => 'cloudformation',
:description => 'Openstack Cloudformation Service'
)}
end

end
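Review bot: Both negative assertions in the new contexts check `contain_keystone_user('heat_cfn')`, with an underscore, while the class default shown on this page is `auth_name = 'heat-cfn'` and the sibling assertions use `heat-cfn@services`; a resource with that title is presumably never in the catalog, so `should_not` passes whether or not `configure_user => false` works. Change both lines to `it { should_not contain_keystone_user('heat-cfn') }` so the test actually pins that the service user is not created. The enclosing describe block starts outside the hunk.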
33 changes: 33 additions & 0 deletions spec/classes/heat_keystone_auth_spec.rb
@@ -107,4 +107,37 @@
end
end

context 'when disabling user configuration' do
before do
params.merge!( :configure_user => false )
end

it { should_not contain_keystone_user('heat') }
it { should contain_keystone_user_role('heat@services') }

it { should contain_keystone_service('heat').with(
:ensure => 'present',
:type => 'orchestration',
:description => 'Openstack Orchestration Service'
)}
end

context 'when disabling user and role configuration' do
before do
params.merge!(
:configure_user => false,
:configure_user_role => false
)
end

it { should_not contain_keystone_user('heat') }
it { should_not contain_keystone_user_role('heat@services') }

it { should contain_keystone_service('heat').with(
:ensure => 'present',
:type => 'orchestration',
:description => 'Openstack Orchestration Service'
)}
end

end
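Review bot: The new contexts cover `configure_user => false` alone and both flags off, but not `configure_user_role => false` with user creation left on, which is the combination that decides whether the service user receives `admin`. Add a context asserting that the user is still declared and the role is not; the same gap exists in spec/classes/heat_keystone_auth_cfn_spec.rb. The enclosing describe block starts outside the hunk.

```ruby
# … unchanged: 'when disabling user and role configuration' context …

context 'when disabling only role configuration' do
  before do
    params.merge!( :configure_user_role => false )
  end

  it { should contain_keystone_user('heat') }
  it { should_not contain_keystone_user_role('heat@services') }
end
```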
