Rubocop support for recipes/*.rb
Change-Id: Ic6b09f84fbecefbb33404d64f25eca4e38e17bed Addresses: blueprint rubocop-for-identity
This commit is contained in:
parent
036e537165
commit
378ffc2cc1
@ -6,7 +6,6 @@ AllCops:
|
||||
- providers/**
|
||||
- resources/**
|
||||
- spec/**
|
||||
Excludes:
|
||||
- recipes/**
|
||||
|
||||
# UTF-8 headers not generally in these files
|
||||
@ -27,4 +26,5 @@ WordArray:
|
||||
# The rescue exception statements in providers/**.rb need to be modified,
|
||||
# to rescue specific exceptions.
|
||||
RescueException:
|
||||
Enabled: false
|
||||
Exclude:
|
||||
- providers/register.rb
|
||||
|
@ -1,3 +1,4 @@
|
||||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: default
|
||||
|
@ -1,3 +1,4 @@
|
||||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: setup
|
||||
@ -18,31 +19,31 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
require "uri"
|
||||
require 'uri'
|
||||
|
||||
class ::Chef::Recipe
|
||||
class ::Chef::Recipe # rubocop:disable Documentation
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
identity_admin_endpoint = endpoint "identity-admin"
|
||||
identity_endpoint = endpoint "identity-api"
|
||||
identity_admin_endpoint = endpoint 'identity-admin'
|
||||
identity_endpoint = endpoint 'identity-api'
|
||||
|
||||
admin_tenant_name = node["openstack"]["identity"]["admin_tenant_name"]
|
||||
admin_user = node["openstack"]["identity"]["admin_user"]
|
||||
admin_pass = get_password "user", node["openstack"]["identity"]["admin_user"]
|
||||
admin_tenant_name = node['openstack']['identity']['admin_tenant_name']
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||
auth_uri = ::URI.decode identity_admin_endpoint.to_s
|
||||
|
||||
bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token"
|
||||
bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token'
|
||||
|
||||
# We need to bootstrap the keystone admin user so that calls
|
||||
# to keystone_register will succeed, since those provider calls
|
||||
# use the admin tenant/user/pass to get an admin token.
|
||||
bash "bootstrap-keystone-admin" do
|
||||
bash 'bootstrap-keystone-admin' do
|
||||
# A shortcut bootstrap command was added to python-keystoneclient
|
||||
# in early Grizzly timeframe... but we need to do all the commands
|
||||
# here manually since the python-keystoneclient package included
|
||||
# in CloudArchive (for now) doesn't have it...
|
||||
insecure = node["openstack"]["auth"]["validate_certs"] ? "" : " --insecure"
|
||||
insecure = node['openstack']['auth']['validate_certs'] ? '' : ' --insecure'
|
||||
base_ks_cmd = "keystone#{insecure} --endpoint=#{auth_uri} --token=#{bootstrap_token}"
|
||||
code <<-EOF
|
||||
set -x
|
||||
@ -75,10 +76,12 @@ exit 0
|
||||
EOF
|
||||
end
|
||||
|
||||
# FIXME(galstrom21): This needs to be refactored, to not use a
|
||||
# MultilineBlockChain.
|
||||
# Register all the tenants specified in the users hash
|
||||
node["openstack"]["identity"]["users"].values.map do |user_info|
|
||||
user_info["roles"].values.push(user_info["default_tenant"])
|
||||
end.flatten.uniq.each do |tenant_name|
|
||||
node['openstack']['identity']['users'].values.map do |user_info|
|
||||
user_info['roles'].values.push(user_info['default_tenant'])
|
||||
end.flatten.uniq.each do |tenant_name| # rubocop: disable MultilineBlockChain
|
||||
openstack_identity_register "Register '#{tenant_name}' Tenant" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
@ -89,10 +92,12 @@ end.flatten.uniq.each do |tenant_name|
|
||||
end
|
||||
end
|
||||
|
||||
# FIXME(galstrom21): This needs to be refactored, to not use a
|
||||
# MultilineBlockChain.
|
||||
# Register all the roles from the users hash
|
||||
node["openstack"]["identity"]["users"].values.map do |user_info|
|
||||
user_info["roles"].keys
|
||||
end.flatten.uniq.each do |role_name|
|
||||
node['openstack']['identity']['users'].values.map do |user_info|
|
||||
user_info['roles'].keys
|
||||
end.flatten.uniq.each do |role_name| # rubocop: disable MultilineBlockChain
|
||||
openstack_identity_register "Register '#{role_name.to_s}' Role" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
@ -102,20 +107,20 @@ end.flatten.uniq.each do |role_name|
|
||||
end
|
||||
end
|
||||
|
||||
node["openstack"]["identity"]["users"].each do |username, user_info|
|
||||
pwd = get_password "user", username
|
||||
node['openstack']['identity']['users'].each do |username, user_info|
|
||||
pwd = get_password 'user', username
|
||||
openstack_identity_register "Register '#{username}' User" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
user_name username
|
||||
user_pass pwd
|
||||
tenant_name user_info["default_tenant"]
|
||||
tenant_name user_info['default_tenant']
|
||||
user_enabled true # Not required as this is the default
|
||||
|
||||
action :create_user
|
||||
end
|
||||
|
||||
user_info["roles"].each do |rolename, tenant_list|
|
||||
user_info['roles'].each do |rolename, tenant_list|
|
||||
tenant_list.each do |tenantname|
|
||||
openstack_identity_register "Grant '#{rolename}' Role to '#{username}' User in '#{tenantname}' Tenant" do
|
||||
auth_uri auth_uri
|
||||
@ -130,42 +135,42 @@ node["openstack"]["identity"]["users"].each do |username, user_info|
|
||||
end
|
||||
end
|
||||
|
||||
openstack_identity_register "Register Identity Service" do
|
||||
openstack_identity_register 'Register Identity Service' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_name "keystone"
|
||||
service_type "identity"
|
||||
service_description "Keystone Identity Service"
|
||||
service_name 'keystone'
|
||||
service_type 'identity'
|
||||
service_description 'Keystone Identity Service'
|
||||
|
||||
action :create_service
|
||||
end
|
||||
|
||||
node.set["openstack"]["identity"]["adminURL"] = identity_admin_endpoint.to_s
|
||||
node.set["openstack"]["identity"]["internalURL"] = identity_endpoint.to_s
|
||||
node.set["openstack"]["identity"]["publicURL"] = identity_endpoint.to_s
|
||||
node.set['openstack']['identity']['adminURL'] = identity_admin_endpoint.to_s
|
||||
node.set['openstack']['identity']['internalURL'] = identity_endpoint.to_s
|
||||
node.set['openstack']['identity']['publicURL'] = identity_endpoint.to_s
|
||||
|
||||
Chef::Log.info "Keystone AdminURL: #{identity_admin_endpoint.to_s}"
|
||||
Chef::Log.info "Keystone InternalURL: #{identity_endpoint.to_s}"
|
||||
Chef::Log.info "Keystone PublicURL: #{identity_endpoint.to_s}"
|
||||
|
||||
openstack_identity_register "Register Identity Endpoint" do
|
||||
openstack_identity_register 'Register Identity Endpoint' do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
service_type "identity"
|
||||
endpoint_region node["openstack"]["identity"]["region"]
|
||||
endpoint_adminurl node["openstack"]["identity"]["adminURL"]
|
||||
endpoint_internalurl node["openstack"]["identity"]["adminURL"]
|
||||
endpoint_publicurl node["openstack"]["identity"]["publicURL"]
|
||||
service_type 'identity'
|
||||
endpoint_region node['openstack']['identity']['region']
|
||||
endpoint_adminurl node['openstack']['identity']['adminURL']
|
||||
endpoint_internalurl node['openstack']['identity']['adminURL']
|
||||
endpoint_publicurl node['openstack']['identity']['publicURL']
|
||||
|
||||
action :create_endpoint
|
||||
end
|
||||
|
||||
node["openstack"]["identity"]["users"].each do |username, user_info|
|
||||
node['openstack']['identity']['users'].each do |username, user_info|
|
||||
openstack_identity_register "Create EC2 credentials for '#{username}' user" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
user_name username
|
||||
tenant_name user_info["default_tenant"]
|
||||
tenant_name user_info['default_tenant']
|
||||
|
||||
action :create_ec2_credentials
|
||||
end
|
||||
|
@ -1,3 +1,4 @@
|
||||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-identity
|
||||
# Recipe:: server
|
||||
@ -6,30 +7,30 @@
|
||||
# Copyright 2012-2013, Opscode, Inc.
|
||||
# Copyright 2013 SUSE LINUX Products GmbH.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# Licensed under the Apache License, Version 2.0 (the 'License');
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# distributed under the License is distributed on an 'AS IS' BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
require "uri"
|
||||
require 'uri'
|
||||
|
||||
class ::Chef::Recipe
|
||||
class ::Chef::Recipe # rubocop:disable Documentation
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
if node["openstack"]["identity"]["syslog"]["use"]
|
||||
include_recipe "openstack-common::logging"
|
||||
if node['openstack']['identity']['syslog']['use']
|
||||
include_recipe 'openstack-common::logging'
|
||||
end
|
||||
|
||||
platform_options = node["openstack"]["identity"]["platform"]
|
||||
platform_options = node['openstack']['identity']['platform']
|
||||
|
||||
db_type = node['openstack']['db']['identity']['db_type']
|
||||
unless db_type == 'sqlite'
|
||||
@ -40,90 +41,90 @@ unless db_type == 'sqlite'
|
||||
end
|
||||
end
|
||||
|
||||
platform_options["memcache_python_packages"].each do |pkg|
|
||||
platform_options['memcache_python_packages'].each do |pkg|
|
||||
package pkg do
|
||||
action :install
|
||||
end
|
||||
end
|
||||
|
||||
platform_options["keystone_packages"].each do |pkg|
|
||||
platform_options['keystone_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options["package_options"]
|
||||
options platform_options['package_options']
|
||||
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
execute "Keystone: sleep" do
|
||||
command "sleep 10s"
|
||||
execute 'Keystone: sleep' do
|
||||
command 'sleep 10s'
|
||||
|
||||
action :nothing
|
||||
end
|
||||
|
||||
service "keystone" do
|
||||
service_name platform_options["keystone_service"]
|
||||
supports :status => true, :restart => true
|
||||
service 'keystone' do
|
||||
service_name platform_options['keystone_service']
|
||||
supports status: true, restart: true
|
||||
|
||||
action [ :enable ]
|
||||
action [:enable]
|
||||
|
||||
notifies :run, "execute[Keystone: sleep]", :immediately
|
||||
notifies :run, 'execute[Keystone: sleep]', :immediately
|
||||
end
|
||||
|
||||
directory "/etc/keystone" do
|
||||
owner node["openstack"]["identity"]["user"]
|
||||
group node["openstack"]["identity"]["group"]
|
||||
directory '/etc/keystone' do
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00700
|
||||
end
|
||||
|
||||
directory node["openstack"]["identity"]["signing"]["basedir"] do
|
||||
owner node["openstack"]["identity"]["user"]
|
||||
group node["openstack"]["identity"]["group"]
|
||||
directory node['openstack']['identity']['signing']['basedir'] do
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00700
|
||||
|
||||
only_if { node["openstack"]["auth"]["strategy"] == "pki" }
|
||||
only_if { node['openstack']['auth']['strategy'] == 'pki' }
|
||||
end
|
||||
|
||||
file "/var/lib/keystone/keystone.db" do
|
||||
file '/var/lib/keystone/keystone.db' do
|
||||
action :delete
|
||||
not_if { node["openstack"]["db"]["identity"]["db_type"] == "sqlite" }
|
||||
not_if { node['openstack']['db']['identity']['db_type'] == 'sqlite' }
|
||||
end
|
||||
|
||||
execute "keystone-manage pki_setup" do
|
||||
user node["openstack"]["identity"]["user"]
|
||||
execute 'keystone-manage pki_setup' do
|
||||
user node['openstack']['identity']['user']
|
||||
|
||||
only_if { node["openstack"]["auth"]["strategy"] == "pki" }
|
||||
not_if { ::FileTest.exists? node["openstack"]["identity"]["signing"]["keyfile"] }
|
||||
only_if { node['openstack']['auth']['strategy'] == 'pki' }
|
||||
not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] }
|
||||
end
|
||||
|
||||
identity_admin_endpoint = endpoint "identity-admin"
|
||||
identity_endpoint = endpoint "identity-api"
|
||||
compute_endpoint = endpoint "compute-api"
|
||||
ec2_endpoint = endpoint "compute-ec2-api"
|
||||
image_endpoint = endpoint "image-api"
|
||||
network_endpoint = endpoint "network-api"
|
||||
volume_endpoint = endpoint "volume-api"
|
||||
identity_admin_endpoint = endpoint 'identity-admin'
|
||||
identity_endpoint = endpoint 'identity-api'
|
||||
compute_endpoint = endpoint 'compute-api'
|
||||
ec2_endpoint = endpoint 'compute-ec2-api'
|
||||
image_endpoint = endpoint 'image-api'
|
||||
network_endpoint = endpoint 'network-api'
|
||||
volume_endpoint = endpoint 'volume-api'
|
||||
|
||||
db_user = node["openstack"]["identity"]["db"]["username"]
|
||||
db_pass = get_password "db", "keystone"
|
||||
sql_connection = db_uri("identity", db_user, db_pass)
|
||||
db_user = node['openstack']['identity']['db']['username']
|
||||
db_pass = get_password 'db', 'keystone'
|
||||
sql_connection = db_uri('identity', db_user, db_pass)
|
||||
|
||||
bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token"
|
||||
bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token'
|
||||
|
||||
ip_address = address_for node["openstack"]["identity"]["bind_interface"]
|
||||
ip_address = address_for node['openstack']['identity']['bind_interface']
|
||||
|
||||
# If the search role is set, we search for memcache
|
||||
# servers via a Chef search. If not, we look at the
|
||||
# memcache.servers attribute.
|
||||
memcache_servers = memcached_servers.join "," # from openstack-common lib
|
||||
memcache_servers = memcached_servers.join ',' # from openstack-common lib
|
||||
|
||||
uris = {
|
||||
'identity-admin' => identity_admin_endpoint.to_s.gsub('%25','%'),
|
||||
'identity' => identity_endpoint.to_s.gsub('%25','%'),
|
||||
'image' => image_endpoint.to_s.gsub('%25','%'),
|
||||
'compute' => compute_endpoint.to_s.gsub('%25','%'),
|
||||
'ec2' => ec2_endpoint.to_s.gsub('%25','%'),
|
||||
'network' => network_endpoint.to_s.gsub('%25','%'),
|
||||
'volume' => volume_endpoint.to_s.gsub('%25','%')
|
||||
'identity-admin' => identity_admin_endpoint.to_s.gsub('%25', '%'),
|
||||
'identity' => identity_endpoint.to_s.gsub('%25', '%'),
|
||||
'image' => image_endpoint.to_s.gsub('%25', '%'),
|
||||
'compute' => compute_endpoint.to_s.gsub('%25', '%'),
|
||||
'ec2' => ec2_endpoint.to_s.gsub('%25', '%'),
|
||||
'network' => network_endpoint.to_s.gsub('%25', '%'),
|
||||
'volume' => volume_endpoint.to_s.gsub('%25', '%')
|
||||
}
|
||||
|
||||
# These configuration endpoints must not have the path (v2.0, etc)
|
||||
@ -134,39 +135,39 @@ public_endpoint = "#{ie.scheme}://#{ie.host}:#{ie.port}/"
|
||||
ae = identity_admin_endpoint
|
||||
admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/"
|
||||
|
||||
template "/etc/keystone/keystone.conf" do
|
||||
source "keystone.conf.erb"
|
||||
owner node["openstack"]["identity"]["user"]
|
||||
group node["openstack"]["identity"]["group"]
|
||||
template '/etc/keystone/keystone.conf' do
|
||||
source 'keystone.conf.erb'
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00644
|
||||
variables(
|
||||
:sql_connection => sql_connection,
|
||||
:ip_address => ip_address,
|
||||
"bootstrap_token" => bootstrap_token,
|
||||
"memcache_servers" => memcache_servers,
|
||||
"uris" => uris,
|
||||
"public_endpoint" => public_endpoint,
|
||||
"admin_endpoint" => admin_endpoint,
|
||||
"ldap" => node["openstack"]["identity"]["ldap"]
|
||||
sql_connection: sql_connection,
|
||||
ip_address: ip_address,
|
||||
bootstrap_token: bootstrap_token,
|
||||
memcache_servers: memcache_servers,
|
||||
uris: uris,
|
||||
public_endpoint: public_endpoint,
|
||||
admin_endpoint: admin_endpoint,
|
||||
ldap: node['openstack']['identity']['ldap']
|
||||
)
|
||||
|
||||
notifies :restart, "service[keystone]", :immediately
|
||||
notifies :restart, 'service[keystone]', :immediately
|
||||
end
|
||||
|
||||
template "/etc/keystone/default_catalog.templates" do
|
||||
source "default_catalog.templates.erb"
|
||||
owner node["openstack"]["identity"]["user"]
|
||||
group node["openstack"]["identity"]["group"]
|
||||
template '/etc/keystone/default_catalog.templates' do
|
||||
source 'default_catalog.templates.erb'
|
||||
owner node['openstack']['identity']['user']
|
||||
group node['openstack']['identity']['group']
|
||||
mode 00644
|
||||
variables(
|
||||
"uris" => uris
|
||||
uris: uris
|
||||
)
|
||||
|
||||
notifies :restart, "service[keystone]", :immediately
|
||||
only_if { node["openstack"]["identity"]["catalog"]["backend"] == "templated" }
|
||||
notifies :restart, 'service[keystone]', :immediately
|
||||
only_if { node['openstack']['identity']['catalog']['backend'] == 'templated' }
|
||||
end
|
||||
|
||||
# sync db after keystone.conf is generated
|
||||
execute "keystone-manage db_sync" do
|
||||
only_if { node["openstack"]["identity"]["db"]["migrate"] }
|
||||
execute 'keystone-manage db_sync' do
|
||||
only_if { node['openstack']['identity']['db']['migrate'] }
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user