Skip to content

Commit

Permalink
Merge "Make user creation optional when creating service."
Browse files Browse the repository at this point in the history
  • Loading branch information
Jenkins authored and openstack-gerrit committed Sep 29, 2014
2 parents 493fbb4 + c1102fd commit e9e1ba0
Show file tree
Hide file tree
Showing 4 changed files with 144 additions and 56 deletions.
67 changes: 39 additions & 28 deletions manifests/keystone/auth.pp
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,12 @@
# [*configure_endpoint*]
# Should heat endpoint be configured? Optional. Defaults to 'true'.
#
# [*configure_user*]
# Whether to create the service user. Defaults to 'true'.
#
# [*configure_user_role*]
# Whether to configure the admin role for teh service user. Defaults to 'true'.
#
# [*service_name*]
# Name of the service. Options. Defaults to the value of auth_name.
#
Expand Down Expand Up @@ -47,22 +53,24 @@
# Protocol for public endpoint. Optional. Defaults to 'http'.
#
class heat::keystone::auth (
$password = false,
$email = 'heat@localhost',
$auth_name = 'heat',
$service_name = undef,
$service_type = 'orchestration',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8004',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$password = false,
$email = 'heat@localhost',
$auth_name = 'heat',
$service_name = undef,
$service_type = 'orchestration',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8004',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
) {

validate_string($password)
Expand All @@ -73,19 +81,23 @@
$real_service_name = $service_name
}

Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api' |>

keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
if $configure_user {
keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
}
}

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api' |>

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
}
}

keystone_role { 'heat_stack_user':
Expand All @@ -106,4 +118,3 @@
}
}
}

67 changes: 39 additions & 28 deletions manifests/keystone/auth_cfn.pp
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,12 @@
# [*configure_endpoint*]
# Should heat-cfn endpoint be configured? Optional. Defaults to 'true'.
#
# [*configure_user*]
# Whether to create the service user. Defaults to 'true'.
#
# [*configure_user_role*]
# Whether to configure the admin role for the service user. Defaults to 'true'.
#
# [*service_name*]
# Name of the service. Optional. Defaults to the value of auth_name.
#
Expand Down Expand Up @@ -47,22 +53,24 @@
# Protocol for public endpoint. Optional. Defaults to 'http'.
#
class heat::keystone::auth_cfn (
$password = false,
$email = 'heat-cfn@localhost',
$auth_name = 'heat-cfn',
$service_name = undef,
$service_type = 'cloudformation',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8000',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$password = false,
$email = 'heat-cfn@localhost',
$auth_name = 'heat-cfn',
$service_name = undef,
$service_type = 'cloudformation',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8000',
$version = 'v1',
$region = 'RegionOne',
$tenant = 'services',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http',
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
) {

validate_string($password)
Expand All @@ -73,19 +81,23 @@
$real_service_name = $service_name
}

Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api-cfn' |>

keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
if $configure_user {
keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
}
}

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| name == 'heat-api-cfn' |>

keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => ['admin'],
}
}

keystone_service { $real_service_name:
Expand All @@ -102,4 +114,3 @@
}
}
}

33 changes: 33 additions & 0 deletions spec/classes/heat_keystone_auth_cfn_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -99,4 +99,37 @@
end
end

context 'when disabling user configuration' do
before do
params.merge!( :configure_user => false )
end

it { should_not contain_keystone_user('heat_cfn') }
it { should contain_keystone_user_role('heat-cfn@services') }

it { should contain_keystone_service('heat-cfn').with(
:ensure => 'present',
:type => 'cloudformation',
:description => 'Openstack Cloudformation Service'
)}
end

context 'when disabling user and role configuration' do
before do
params.merge!(
:configure_user => false,
:configure_user_role => false
)
end

it { should_not contain_keystone_user('heat_cfn') }
it { should_not contain_keystone_user_role('heat-cfn@services') }

it { should contain_keystone_service('heat-cfn').with(
:ensure => 'present',
:type => 'cloudformation',
:description => 'Openstack Cloudformation Service'
)}
end

end
33 changes: 33 additions & 0 deletions spec/classes/heat_keystone_auth_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -107,4 +107,37 @@
end
end

context 'when disabling user configuration' do
before do
params.merge!( :configure_user => false )
end

it { should_not contain_keystone_user('heat') }
it { should contain_keystone_user_role('heat@services') }

it { should contain_keystone_service('heat').with(
:ensure => 'present',
:type => 'orchestration',
:description => 'Openstack Orchestration Service'
)}
end

context 'when disabling user and role configuration' do
before do
params.merge!(
:configure_user => false,
:configure_user_role => false
)
end

it { should_not contain_keystone_user('heat') }
it { should_not contain_keystone_user_role('heat@services') }

it { should contain_keystone_service('heat').with(
:ensure => 'present',
:type => 'orchestration',
:description => 'Openstack Orchestration Service'
)}
end

end

0 comments on commit e9e1ba0

Please sign in to comment.