diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 6205de39e..3302cca81 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -16,6 +16,12 @@
 # [*configure_endpoint*]
 # Should heat endpoint be configured? Optional. Defaults to 'true'.
 #
+# [*configure_user*]
+# Whether to create the service user. Defaults to 'true'.
+#
+# [*configure_user_role*]
+# Whether to configure the admin role for teh service user. Defaults to 'true'.
+#
 # [*service_name*]
 # Name of the service. Options. Defaults to the value of auth_name.
 #
@@ -47,22 +53,24 @@
 # Protocol for public endpoint. Optional. Defaults to 'http'.
 #
 class heat::keystone::auth (
- $password = false,
- $email = 'heat@localhost',
- $auth_name = 'heat',
- $service_name = undef,
- $service_type = 'orchestration',
- $public_address = '127.0.0.1',
- $admin_address = '127.0.0.1',
- $internal_address = '127.0.0.1',
- $port = '8004',
- $version = 'v1',
- $region = 'RegionOne',
- $tenant = 'services',
- $public_protocol = 'http',
- $admin_protocol = 'http',
- $internal_protocol = 'http',
- $configure_endpoint = true,
+ $password = false,
+ $email = 'heat@localhost',
+ $auth_name = 'heat',
+ $service_name = undef,
+ $service_type = 'orchestration',
+ $public_address = '127.0.0.1',
+ $admin_address = '127.0.0.1',
+ $internal_address = '127.0.0.1',
+ $port = '8004',
+ $version = 'v1',
+ $region = 'RegionOne',
+ $tenant = 'services',
+ $public_protocol = 'http',
+ $admin_protocol = 'http',
+ $internal_protocol = 'http',
+ $configure_endpoint = true,
+ $configure_user = true,
+ $configure_user_role = true,
 ) {
 validate_string($password)
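Review bot: The added description of `configure_user_role` misspells "the" as "teh", and neither new entry says what happens when only one of the two flags is turned off. With `configure_user => false` the class still declares the `admin` role assignment by default, so the account named by `auth_name` must already exist in Keystone and will be granted `admin` in `tenant`. I would state that in the text, e.g. `#   When false the user must already exist; it is still granted 'admin' unless configure_user_role is also false.` The neighbouring entries mark their parameters "Optional.", which these two omit. The matching block in manifests/keystone/auth_cfn.pp has the same gap.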
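Review bot: `validate_string($password)` directly after the parameter list still runs when `configure_user` is false, and with the default `$password = false` it fails compilation. An operator who manages the account elsewhere must therefore still pass the service password to this class, where it appears to be unused. In the visible hunks `$password` is read only by `keystone_user`, so I would make the check conditional: `if $configure_user { validate_string($password) }`. The class body continues outside the hunk, so confirm nothing else reads `$password` first; manifests/keystone/auth_cfn.pp has the same pattern.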
@@ -73,19 +81,23 @@
 $real_service_name = $service_name
 }
- Keystone_user_role["${auth_name}@${tenant}"] ~>
- Service <| name == 'heat-api' |>
-
- keystone_user { $auth_name:
- ensure => present,
- password => $password,
- email => $email,
- tenant => $tenant,
+ if $configure_user {
+ keystone_user { $auth_name:
+ ensure => present,
+ password => $password,
+ email => $email,
+ tenant => $tenant,
+ }
 }
- keystone_user_role { "${auth_name}@${tenant}":
- ensure => present,
- roles => ['admin'],
+ if $configure_user_role {
+ Keystone_user_role["${auth_name}@${tenant}"] ~>
+ Service <| name == 'heat-api' |>
+
+ keystone_user_role { "${auth_name}@${tenant}":
+ ensure => present,
+ roles => ['admin'],
+ }
 }
 keystone_role { 'heat_stack_user':
@@ -106,4 +118,3 @@
 }
 }
 }
-
diff --git a/manifests/keystone/auth_cfn.pp b/manifests/keystone/auth_cfn.pp
index cc6d11652..36c0fa083 100644
--- a/manifests/keystone/auth_cfn.pp
+++ b/manifests/keystone/auth_cfn.pp
@@ -16,6 +16,12 @@
 # [*configure_endpoint*]
 # Should heat-cfn endpoint be configured? Optional. Defaults to 'true'.
 #
+# [*configure_user*]
+# Whether to create the service user. Defaults to 'true'.
+#
+# [*configure_user_role*]
+# Whether to configure the admin role for the service user. Defaults to 'true'.
+#
 # [*service_name*]
 # Name of the service. Optional. Defaults to the value of auth_name.
 #
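Review bot: The new `if $configure_user {` and `if $configure_user_role {` guards rely on Puppet truthiness and neither flag is type-checked, so a string value such as `'false'` arriving from Hiera or an ENC is truthy and the user and its `admin` role are still created. Because these flags decide whether a privileged service account is provisioned, I would fail closed by adding `validate_bool($configure_user)` and `validate_bool($configure_user_role)` next to the existing `validate_string($password)` call. The same guards in manifests/keystone/auth_cfn.pp need the same check.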
@@ -47,22 +53,24 @@
 # Protocol for public endpoint. Optional. Defaults to 'http'.
 #
 class heat::keystone::auth_cfn (
- $password = false,
- $email = 'heat-cfn@localhost',
- $auth_name = 'heat-cfn',
- $service_name = undef,
- $service_type = 'cloudformation',
- $public_address = '127.0.0.1',
- $admin_address = '127.0.0.1',
- $internal_address = '127.0.0.1',
- $port = '8000',
- $version = 'v1',
- $region = 'RegionOne',
- $tenant = 'services',
- $public_protocol = 'http',
- $admin_protocol = 'http',
- $internal_protocol = 'http',
- $configure_endpoint = true,
+ $password = false,
+ $email = 'heat-cfn@localhost',
+ $auth_name = 'heat-cfn',
+ $service_name = undef,
+ $service_type = 'cloudformation',
+ $public_address = '127.0.0.1',
+ $admin_address = '127.0.0.1',
+ $internal_address = '127.0.0.1',
+ $port = '8000',
+ $version = 'v1',
+ $region = 'RegionOne',
+ $tenant = 'services',
+ $public_protocol = 'http',
+ $admin_protocol = 'http',
+ $internal_protocol = 'http',
+ $configure_endpoint = true,
+ $configure_user = true,
+ $configure_user_role = true,
 ) {
 validate_string($password)
@@ -73,19 +81,23 @@
 $real_service_name = $service_name
 }
- Keystone_user_role["${auth_name}@${tenant}"] ~>
- Service <| name == 'heat-api-cfn' |>
-
- keystone_user { $auth_name:
- ensure => present,
- password => $password,
- email => $email,
- tenant => $tenant,
+ if $configure_user {
+ keystone_user { $auth_name:
+ ensure => present,
+ password => $password,
+ email => $email,
+ tenant => $tenant,
+ }
 }
- keystone_user_role { "${auth_name}@${tenant}":
- ensure => present,
- roles => ['admin'],
+ if $configure_user_role {
+ Keystone_user_role["${auth_name}@${tenant}"] ~>
+ Service <| name == 'heat-api-cfn' |>
+
+ keystone_user_role { "${auth_name}@${tenant}":
+ ensure => present,
+ roles => ['admin'],
+ }
 }
 keystone_service { $real_service_name:
@@ -102,4 +114,3 @@
 }
 }
 }
-
diff --git a/spec/classes/heat_keystone_auth_cfn_spec.rb b/spec/classes/heat_keystone_auth_cfn_spec.rb
index 8813f4016..d81b3dcea 100644
--- a/spec/classes/heat_keystone_auth_cfn_spec.rb
+++ b/spec/classes/heat_keystone_auth_cfn_spec.rb
@@ -99,4 +99,37 @@
 end
 end
+ context 'when disabling user configuration' do
+ before do
+ params.merge!( :configure_user => false )
+ end
+
+ it { should_not contain_keystone_user('heat_cfn') }
+ it { should contain_keystone_user_role('heat-cfn@services') }
+
+ it { should contain_keystone_service('heat-cfn').with(
+ :ensure => 'present',
+ :type => 'cloudformation',
+ :description => 'Openstack Cloudformation Service'
+ )}
+ end
+
+ context 'when disabling user and role configuration' do
+ before do
+ params.merge!(
+ :configure_user => false,
+ :configure_user_role => false
+ )
+ end
+
+ it { should_not contain_keystone_user('heat_cfn') }
+ it { should_not contain_keystone_user_role('heat-cfn@services') }
+
+ it { should contain_keystone_service('heat-cfn').with(
+ :ensure => 'present',
+ :type => 'cloudformation',
+ :description => 'Openstack Cloudformation Service'
+ )}
+ end
+
 end
diff --git a/spec/classes/heat_keystone_auth_spec.rb b/spec/classes/heat_keystone_auth_spec.rb
index 8f546bf2c..dd02f88c7 100644
--- a/spec/classes/heat_keystone_auth_spec.rb
+++ b/spec/classes/heat_keystone_auth_spec.rb
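Review bot: Both `should_not contain_keystone_user('heat_cfn')` assertions in the heat_keystone_auth_cfn_spec.rb hunk use an underscore, while the role and service assertions beside them use `heat-cfn`, which is also the default `auth_name` in the manifest. No resource titled `heat_cfn` appears to be declared, so these expectations would pass even if `configure_user => false` were ignored and the account still created. Unless `params` sets a different `auth_name` outside this hunk, both should read `it { should_not contain_keystone_user('heat-cfn') }`.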
@@ -107,4 +107,37 @@
 end
 end
+ context 'when disabling user configuration' do
+ before do
+ params.merge!( :configure_user => false )
+ end
+
+ it { should_not contain_keystone_user('heat') }
+ it { should contain_keystone_user_role('heat@services') }
+
+ it { should contain_keystone_service('heat').with(
+ :ensure => 'present',
+ :type => 'orchestration',
+ :description => 'Openstack Orchestration Service'
+ )}
+ end
+
+ context 'when disabling user and role configuration' do
+ before do
+ params.merge!(
+ :configure_user => false,
+ :configure_user_role => false
+ )
+ end
+
+ it { should_not contain_keystone_user('heat') }
+ it { should_not contain_keystone_user_role('heat@services') }
+
+ it { should contain_keystone_service('heat').with(
+ :ensure => 'present',
+ :type => 'orchestration',
+ :description => 'Openstack Orchestration Service'
+ )}
+ end
+
 end
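Review bot: The two added contexts cover `configure_user => false` alone and both flags off, but not `configure_user_role => false` with the user still managed. That is the case where the account must exist without the `admin` grant and without the `Keystone_user_role[...] ~> Service` notify. I would add a third context asserting `should contain_keystone_user('heat')` and `should_not contain_keystone_user_role('heat@services')`. The cfn spec has the same gap, and the enclosing `describe` block starts outside the hunk.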