diff --git a/.rubocop.yml b/.rubocop.yml index 68df0dc..bae101d 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -6,7 +6,6 @@ AllCops: - providers/** - resources/** - spec/** - Excludes: - recipes/** # UTF-8 headers not generally in these files @@ -27,4 +26,5 @@ WordArray: # The rescue exception statements in providers/**.rb need to be modified, # to rescue specific exceptions. RescueException: - Enabled: false + Exclude: + - providers/register.rb diff --git a/recipes/default.rb b/recipes/default.rb index 9c0e915..638e738 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 # # Cookbook Name:: openstack-identity # Recipe:: default diff --git a/recipes/registration.rb b/recipes/registration.rb index 18dc76c..c366374 100644 --- a/recipes/registration.rb +++ b/recipes/registration.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 # # Cookbook Name:: openstack-identity # Recipe:: setup 
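Review bot: In the `.rubocop.yml` hunk at `RescueException:`, the comment above the cop still says the rescues in `providers/**.rb` need fixing, while the new `Exclude:` names only `providers/register.rb`. The exclusion keeps a `rescue Exception` out of lint, and that form also catches `SystemExit` and signals. Presumably it sits in the provider that handles the admin token and user passwords, so a failed registration could be masked. I would update the comment to match and make the debt explicit, e.g. `# TODO: providers/register.rb still rescues Exception; narrow to StandardError (or specific errors) and drop this Exclude`.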
@@ -18,31 +19,31 @@ # limitations under the License. # -require "uri" +require 'uri' -class ::Chef::Recipe +class ::Chef::Recipe # rubocop:disable Documentation include ::Openstack end -identity_admin_endpoint = endpoint "identity-admin" -identity_endpoint = endpoint "identity-api" +identity_admin_endpoint = endpoint 'identity-admin' +identity_endpoint = endpoint 'identity-api' -admin_tenant_name = node["openstack"]["identity"]["admin_tenant_name"] -admin_user = node["openstack"]["identity"]["admin_user"] -admin_pass = get_password "user", node["openstack"]["identity"]["admin_user"] +admin_tenant_name = node['openstack']['identity']['admin_tenant_name'] +admin_user = node['openstack']['identity']['admin_user'] +admin_pass = get_password 'user', node['openstack']['identity']['admin_user'] auth_uri = ::URI.decode identity_admin_endpoint.to_s -bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" +bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token' # We need to bootstrap the keystone admin user so that calls # to keystone_register will succeed, since those provider calls # use the admin tenant/user/pass to get an admin token. -bash "bootstrap-keystone-admin" do +bash 'bootstrap-keystone-admin' do # A shortcut bootstrap command was added to python-keystoneclient # in early Grizzly timeframe... but we need to do all the commands # here manually since the python-keystoneclient package included # in CloudArchive (for now) doesn't have it... - insecure = node["openstack"]["auth"]["validate_certs"] ? "" : " --insecure" + insecure = node['openstack']['auth']['validate_certs'] ? '' : ' --insecure' base_ks_cmd = "keystone#{insecure} --endpoint=#{auth_uri} --token=#{bootstrap_token}" code <<-EOF set -x 
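Review bot: The `bash 'bootstrap-keystone-admin'` block still interpolates `bootstrap_token` into `base_ks_cmd`, and the script starts with `set -x`, so every traced command writes the admin bootstrap token into the Chef run output; it is also visible in the process list while the commands run. Consider handing the token to the client through the resource's environment instead, e.g. `environment 'OS_SERVICE_TOKEN' => bootstrap_token, 'OS_SERVICE_ENDPOINT' => auth_uri` with `base_ks_cmd = "keystone#{insecure}"`, assuming the packaged python-keystoneclient honours those variables. Where the Chef version supports it, `sensitive true` on the resource also helps. The `' --insecure'` branch turns off certificate verification for a call that carries that token, which deserves a comment saying it is meant for test deployments only. The body of the bash resource continues past the end of this hunk.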
@@ -75,10 +76,12 @@ exit 0 EOF end +# FIXME(galstrom21): This needs to be refactored, to not use a +# MultilineBlockChain. # Register all the tenants specified in the users hash -node["openstack"]["identity"]["users"].values.map do |user_info| - user_info["roles"].values.push(user_info["default_tenant"]) -end.flatten.uniq.each do |tenant_name| +node['openstack']['identity']['users'].values.map do |user_info| + user_info['roles'].values.push(user_info['default_tenant']) +end.flatten.uniq.each do |tenant_name| # rubocop: disable MultilineBlockChain openstack_identity_register "Register '#{tenant_name}' Tenant" do auth_uri auth_uri bootstrap_token bootstrap_token @@ -89,10 +92,12 @@ end.flatten.uniq.each do |tenant_name| end end +# FIXME(galstrom21): This needs to be refactored, to not use a +# MultilineBlockChain. # Register all the roles from the users hash -node["openstack"]["identity"]["users"].values.map do |user_info| - user_info["roles"].keys -end.flatten.uniq.each do |role_name| +node['openstack']['identity']['users'].values.map do |user_info| + user_info['roles'].keys +end.flatten.uniq.each do |role_name| # rubocop: disable MultilineBlockChain openstack_identity_register "Register '#{role_name.to_s}' Role" do auth_uri auth_uri bootstrap_token bootstrap_token 
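Review bot: The two `# rubocop: disable MultilineBlockChain` comments (tenant registration here and role registration in the next hunk) silence the cop where a small refactor would remove the FIXME. For example, compute `tenant_names = node['openstack']['identity']['users'].values.flat_map { |u| u['roles'].values.flatten << u['default_tenant'] }.uniq` and then iterate with `tenant_names.each do |tenant_name|`; the role loop can do the same with `u['roles'].keys`. The directive is also spelled `rubocop: disable` here but `rubocop:disable` on the `class ::Chef::Recipe` line, so one form should be used throughout. The new FIXME comment is placed above the existing "Register all the ..." comment and reads better below it. Both `each` blocks continue outside their hunks.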
@@ -102,20 +107,20 @@ end.flatten.uniq.each do |role_name| end end -node["openstack"]["identity"]["users"].each do |username, user_info| - pwd = get_password "user", username +node['openstack']['identity']['users'].each do |username, user_info| + pwd = get_password 'user', username openstack_identity_register "Register '#{username}' User" do auth_uri auth_uri bootstrap_token bootstrap_token user_name username user_pass pwd - tenant_name user_info["default_tenant"] + tenant_name user_info['default_tenant'] user_enabled true # Not required as this is the default action :create_user end - user_info["roles"].each do |rolename, tenant_list| + user_info['roles'].each do |rolename, tenant_list| tenant_list.each do |tenantname| openstack_identity_register "Grant '#{rolename}' Role to '#{username}' User in '#{tenantname}' Tenant" do auth_uri auth_uri 
@@ -130,42 +135,42 @@ node["openstack"]["identity"]["users"].each do |username, user_info| end end -openstack_identity_register "Register Identity Service" do +openstack_identity_register 'Register Identity Service' do auth_uri auth_uri bootstrap_token bootstrap_token - service_name "keystone" - service_type "identity" - service_description "Keystone Identity Service" + service_name 'keystone' + service_type 'identity' + service_description 'Keystone Identity Service' action :create_service end -node.set["openstack"]["identity"]["adminURL"] = identity_admin_endpoint.to_s -node.set["openstack"]["identity"]["internalURL"] = identity_endpoint.to_s -node.set["openstack"]["identity"]["publicURL"] = identity_endpoint.to_s +node.set['openstack']['identity']['adminURL'] = identity_admin_endpoint.to_s +node.set['openstack']['identity']['internalURL'] = identity_endpoint.to_s +node.set['openstack']['identity']['publicURL'] = identity_endpoint.to_s Chef::Log.info "Keystone AdminURL: #{identity_admin_endpoint.to_s}" Chef::Log.info "Keystone InternalURL: #{identity_endpoint.to_s}" Chef::Log.info "Keystone PublicURL: #{identity_endpoint.to_s}" -openstack_identity_register "Register Identity Endpoint" do +openstack_identity_register 'Register Identity Endpoint' do auth_uri auth_uri bootstrap_token bootstrap_token - service_type "identity" - endpoint_region node["openstack"]["identity"]["region"] - endpoint_adminurl node["openstack"]["identity"]["adminURL"] - endpoint_internalurl node["openstack"]["identity"]["adminURL"] - endpoint_publicurl node["openstack"]["identity"]["publicURL"] + service_type 'identity' + endpoint_region node['openstack']['identity']['region'] + endpoint_adminurl node['openstack']['identity']['adminURL'] + endpoint_internalurl node['openstack']['identity']['adminURL'] + endpoint_publicurl node['openstack']['identity']['publicURL'] action :create_endpoint end -node["openstack"]["identity"]["users"].each do |username, user_info| 
+node['openstack']['identity']['users'].each do |username, user_info| openstack_identity_register "Create EC2 credentials for '#{username}' user" do auth_uri auth_uri bootstrap_token bootstrap_token user_name username - tenant_name user_info["default_tenant"] + tenant_name user_info['default_tenant'] action :create_ec2_credentials end diff --git a/recipes/server.rb b/recipes/server.rb index 3eb20c1..65123d0 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 # # Cookbook Name:: openstack-identity # Recipe:: server @@ -6,30 +7,30 @@ # Copyright 2012-2013, Opscode, Inc. # Copyright 2013 SUSE LINUX Products GmbH. # -# Licensed under the Apache License, Version 2.0 (the "License"); +# Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, +# distributed under the License is distributed on an 'AS IS' BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # -require "uri" +require 'uri' -class ::Chef::Recipe +class ::Chef::Recipe # rubocop:disable Documentation include ::Openstack end -if node["openstack"]["identity"]["syslog"]["use"] - include_recipe "openstack-common::logging" +if node['openstack']['identity']['syslog']['use'] + include_recipe 'openstack-common::logging' end -platform_options = node["openstack"]["identity"]["platform"] +platform_options = node['openstack']['identity']['platform'] db_type = node['openstack']['db']['identity']['db_type'] unless db_type == 'sqlite' 
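Review bot: In the 'Register Identity Endpoint' block of `recipes/registration.rb`, `endpoint_internalurl` is still given `node['openstack']['identity']['adminURL']`, although `internalURL` is set from `identity_endpoint` a few lines above and is otherwise unused in this hunk. If that is not deliberate, the service catalog advertises the admin endpoint to internal consumers, which widens exposure of the admin API. The line would then read `endpoint_internalurl node['openstack']['identity']['internalURL']`. If it is deliberate, a one-line comment saying why would stop the next reader from "fixing" it.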
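Review bot: In the `recipes/server.rb` header hunk, the quote conversion also rewrote the Apache licence boilerplate inside comments, changing `(the "License")` to `(the 'License')` and `"AS IS"` to `'AS IS'`. RuboCop's string-literal cop does not inspect comments, so this change is not needed. It also makes the header differ from the standard text that licence scanners match against. I would restore the two lines to `# Licensed under the Apache License, Version 2.0 (the "License");` and `# distributed under the License is distributed on an "AS IS" BASIS,`.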
@@ -40,90 +41,90 @@ unless db_type == 'sqlite' end end -platform_options["memcache_python_packages"].each do |pkg| +platform_options['memcache_python_packages'].each do |pkg| package pkg do action :install end end -platform_options["keystone_packages"].each do |pkg| +platform_options['keystone_packages'].each do |pkg| package pkg do - options platform_options["package_options"] + options platform_options['package_options'] action :upgrade end end -execute "Keystone: sleep" do - command "sleep 10s" +execute 'Keystone: sleep' do + command 'sleep 10s' action :nothing end -service "keystone" do - service_name platform_options["keystone_service"] - supports :status => true, :restart => true +service 'keystone' do + service_name platform_options['keystone_service'] + supports status: true, restart: true - action [ :enable ] + action [:enable] - notifies :run, "execute[Keystone: sleep]", :immediately + notifies :run, 'execute[Keystone: sleep]', :immediately end -directory "/etc/keystone" do - owner node["openstack"]["identity"]["user"] - group node["openstack"]["identity"]["group"] +directory '/etc/keystone' do + owner node['openstack']['identity']['user'] + group node['openstack']['identity']['group'] mode 00700 end -directory node["openstack"]["identity"]["signing"]["basedir"] do - owner node["openstack"]["identity"]["user"] - group node["openstack"]["identity"]["group"] +directory node['openstack']['identity']['signing']['basedir'] do + owner node['openstack']['identity']['user'] + group node['openstack']['identity']['group'] mode 00700 - only_if { node["openstack"]["auth"]["strategy"] == "pki" } + only_if { node['openstack']['auth']['strategy'] == 'pki' } end -file "/var/lib/keystone/keystone.db" do +file '/var/lib/keystone/keystone.db' do action :delete - not_if { node["openstack"]["db"]["identity"]["db_type"] == "sqlite" } + not_if { node['openstack']['db']['identity']['db_type'] == 'sqlite' } end -execute "keystone-manage pki_setup" do - user 
node["openstack"]["identity"]["user"] +execute 'keystone-manage pki_setup' do + user node['openstack']['identity']['user'] - only_if { node["openstack"]["auth"]["strategy"] == "pki" } - not_if { ::FileTest.exists? node["openstack"]["identity"]["signing"]["keyfile"] } + only_if { node['openstack']['auth']['strategy'] == 'pki' } + not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] } end -identity_admin_endpoint = endpoint "identity-admin" -identity_endpoint = endpoint "identity-api" -compute_endpoint = endpoint "compute-api" -ec2_endpoint = endpoint "compute-ec2-api" -image_endpoint = endpoint "image-api" -network_endpoint = endpoint "network-api" -volume_endpoint = endpoint "volume-api" +identity_admin_endpoint = endpoint 'identity-admin' +identity_endpoint = endpoint 'identity-api' +compute_endpoint = endpoint 'compute-api' +ec2_endpoint = endpoint 'compute-ec2-api' +image_endpoint = endpoint 'image-api' +network_endpoint = endpoint 'network-api' +volume_endpoint = endpoint 'volume-api' -db_user = node["openstack"]["identity"]["db"]["username"] -db_pass = get_password "db", "keystone" -sql_connection = db_uri("identity", db_user, db_pass) +db_user = node['openstack']['identity']['db']['username'] +db_pass = get_password 'db', 'keystone' +sql_connection = db_uri('identity', db_user, db_pass) -bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" +bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token' -ip_address = address_for node["openstack"]["identity"]["bind_interface"] +ip_address = address_for node['openstack']['identity']['bind_interface'] # If the search role is set, we search for memcache # servers via a Chef search. If not, we look at the # memcache.servers attribute. 
-memcache_servers = memcached_servers.join "," # from openstack-common lib +memcache_servers = memcached_servers.join ',' # from openstack-common lib uris = { - 'identity-admin' => identity_admin_endpoint.to_s.gsub('%25','%'), - 'identity' => identity_endpoint.to_s.gsub('%25','%'), - 'image' => image_endpoint.to_s.gsub('%25','%'), - 'compute' => compute_endpoint.to_s.gsub('%25','%'), - 'ec2' => ec2_endpoint.to_s.gsub('%25','%'), - 'network' => network_endpoint.to_s.gsub('%25','%'), - 'volume' => volume_endpoint.to_s.gsub('%25','%') + 'identity-admin' => identity_admin_endpoint.to_s.gsub('%25', '%'), + 'identity' => identity_endpoint.to_s.gsub('%25', '%'), + 'image' => image_endpoint.to_s.gsub('%25', '%'), + 'compute' => compute_endpoint.to_s.gsub('%25', '%'), + 'ec2' => ec2_endpoint.to_s.gsub('%25', '%'), + 'network' => network_endpoint.to_s.gsub('%25', '%'), + 'volume' => volume_endpoint.to_s.gsub('%25', '%') } # These configuration endpoints must not have the path (v2.0, etc) 
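Review bot: The `not_if` guard on `execute 'keystone-manage pki_setup'` still calls `::FileTest.exists?`, a deprecated alias that newer Ruby versions no longer provide. On such a Ruby the guard would raise instead of protecting the existing signing key. Since the line is being rewritten anyway, use `not_if { ::File.exist? node['openstack']['identity']['signing']['keyfile'] }`. The guard matters because it is what keeps a converge from running PKI setup again over an existing key, so it is worth a short why-comment as well.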
@@ -134,39 +135,39 @@ public_endpoint = "#{ie.scheme}://#{ie.host}:#{ie.port}/" ae = identity_admin_endpoint admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/" -template "/etc/keystone/keystone.conf" do - source "keystone.conf.erb" - owner node["openstack"]["identity"]["user"] - group node["openstack"]["identity"]["group"] +template '/etc/keystone/keystone.conf' do + source 'keystone.conf.erb' + owner node['openstack']['identity']['user'] + group node['openstack']['identity']['group'] mode 00644 variables( - :sql_connection => sql_connection, - :ip_address => ip_address, - "bootstrap_token" => bootstrap_token, - "memcache_servers" => memcache_servers, - "uris" => uris, - "public_endpoint" => public_endpoint, - "admin_endpoint" => admin_endpoint, - "ldap" => node["openstack"]["identity"]["ldap"] + sql_connection: sql_connection, + ip_address: ip_address, + bootstrap_token: bootstrap_token, + memcache_servers: memcache_servers, + uris: uris, + public_endpoint: public_endpoint, + admin_endpoint: admin_endpoint, + ldap: node['openstack']['identity']['ldap'] ) - notifies :restart, "service[keystone]", :immediately + notifies :restart, 'service[keystone]', :immediately end -template "/etc/keystone/default_catalog.templates" do - source "default_catalog.templates.erb" - owner node["openstack"]["identity"]["user"] - group node["openstack"]["identity"]["group"] +template '/etc/keystone/default_catalog.templates' do + source 'default_catalog.templates.erb' + owner node['openstack']['identity']['user'] + group node['openstack']['identity']['group'] mode 00644 variables( - "uris" => uris + uris: uris ) - notifies :restart, "service[keystone]", :immediately - only_if { node["openstack"]["identity"]["catalog"]["backend"] == "templated" } + notifies :restart, 'service[keystone]', :immediately + only_if { node['openstack']['identity']['catalog']['backend'] == 'templated' } end # sync db after keystone.conf is generated -execute "keystone-manage db_sync" do - only_if { 
node["openstack"]["identity"]["db"]["migrate"] } +execute 'keystone-manage db_sync' do + only_if { node['openstack']['identity']['db']['migrate'] } end
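Review bot: `template '/etc/keystone/keystone.conf'` is rendered with `bootstrap_token` and `sql_connection` (built from `db_pass` earlier in the recipe) but keeps `mode 00644`. The `00700` on `/etc/keystone` limits who can reach the file today, but the secrets then depend on the directory mode alone. I would tighten the file itself with `mode 00640` (or `00600`). Where the Chef version supports it, add `sensitive true` so the rendered diff containing the token and DB password is not written to the run log or reports. `default_catalog.templates` receives only `uris`, so its `00644` is fine.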