From 20c63bb66b18fa3988eacf496afcbb2f524663c1 Mon Sep 17 00:00:00 2001 From: Mark Vanderwiel Date: Mon, 15 Sep 2014 11:53:42 -0500 Subject: [PATCH] Add attributes for role and domain info Change-Id: I439a5f77325833e3e4e23778d453af4542fe64ef Closes-bug: #1369654 --- CHANGELOG.md | 1 + attributes/default.rb | 10 ++++++++++ recipes/common.rb | 6 ++++++ spec/spec_helper.rb | 29 +++++++++++++++++++++++++++++ templates/default/heat.conf.erb | 19 ++++++++++++++++++- 5 files changed, 64 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c744ba0..d82f754 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc * Upgrading berkshelf from 2.0.18 to 3.1.5 * Update mode for heat.conf from 644 to 640 * Add cafile, memcached_servers, memcache_security_strategy, memcache_secret_key, insecure and hash_algorithms so that they are configurable. +* Add attributes for stack role and domain users ## 9.2.0 * python_packages database client attributes have been migrated to diff --git a/attributes/default.rb b/attributes/default.rb index e28af05..f928b44 100644 --- a/attributes/default.rb +++ b/attributes/default.rb 
@@ -60,6 +60,16 @@ default['openstack']['orchestration']['api']['auth']['cafile'] = nil # Whether to allow the client to perform insecure SSL (https) requests default['openstack']['orchestration']['api']['auth']['insecure'] = false +# Keystone role for heat template-defined users. (string value) +default['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user' + +# Keystone domain name which contains heat template-defined users. (string value) +default['openstack']['orchestration']['stack_user_domain_name'] = nil + +# Keystone username, a user with roles sufficient to manage +# users and projects in the stack_user_domain. (string value) +default['openstack']['orchestration']['stack_domain_admin'] = nil + # If set, heat API service will bind to the address on this interface, # otherwise it will bind to the API endpoint's host. default['openstack']['orchestration']['api']['bind_interface'] = nil diff --git a/recipes/common.rb b/recipes/common.rb index a3b31d1..f2ec74b 100644 --- a/recipes/common.rb +++ b/recipes/common.rb @@ -64,6 +64,11 @@ heat_api_cloudwatch_endpoint = endpoint 'orchestration-api-cloudwatch' service_pass = get_password 'service', 'openstack-orchestration' +stack_domain_admin_password = nil +if node['openstack']['orchestration']['stack_domain_admin'] + stack_domain_admin_password = get_password 'user', node['openstack']['orchestration']['stack_domain_admin'] +end + auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version'] mq_service_type = node['openstack']['mq']['orchestration']['service_type'] @@ -103,6 +108,7 @@ template '/etc/heat/heat.conf' do owner node['openstack']['orchestration']['user'] mode 00640 variables( + stack_domain_admin_password: stack_domain_admin_password, mq_service_type: mq_service_type, mq_password: mq_password, rabbit_hosts: rabbit_hosts, diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 9374610..10e0e6b 100644 --- a/spec/spec_helper.rb 
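Review bot: The comment on `stack_domain_admin` in the attributes/default.rb hunk does not say where the matching password comes from. There is no password attribute; recipes/common.rb in this patch looks it up with `get_password 'user', node['openstack']['orchestration']['stack_domain_admin']`. I would extend the comment with `# The password is not an attribute; it is read via get_password 'user', <this name>, so the secrets store needs an entry under that name.` It would also help to say that `stack_user_domain_name` and `stack_domain_admin` are meant to be set together, since the template renders each one independently.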
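Review bot: The guard in the first recipes/common.rb hunk tests only truthiness, so an empty-string `stack_domain_admin` still calls `get_password`, and a nil result is passed on silently. The template then renders `stack_domain_admin=` while leaving `#stack_domain_admin_password=` commented out, giving a half-configured heat.conf that is only noticed at runtime. Whether `get_password` can return nil here is not visible in this patch. If it can, I would fail the converge right after the lookup, inside the `if`: `fail 'no password found for stack_domain_admin' if stack_domain_admin_password.to_s.empty?`.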
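Review bot: The `template '/etc/heat/heat.conf'` resource in the second recipes/common.rb hunk now receives one more cleartext credential, and nothing visible in the hunk marks the resource as sensitive. Chef logs a diff of the rendered file when a template changes, so the stack domain admin password and the other passwords passed in `variables` can end up in client logs and report handlers. The resource body starts and ends outside the hunk, so this may already be handled. If it is not, add `sensitive true` next to `mode 00640`, on Chef versions that support that property.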
+++ b/spec/spec_helper.rb @@ -43,6 +43,9 @@ shared_context 'orchestration_stubs' do allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('user', 'admin-user') .and_return 'admin-pass' + allow_any_instance_of(Chef::Recipe).to receive(:get_password) + .with('user', 'heat_stack_admin') + .and_return 'heat_stack_domain_admin_password' allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('service', 'openstack-orchestration') .and_return 'heat-pass' @@ -229,6 +232,32 @@ shared_examples 'expects to create heat conf' do end end + describe 'domain values' do + it 'has corrrect default domain values' do + [ + /^stack_user_domain_name=/, + /^stack_domain_admin=/, + /^stack_domain_admin_password=/ + ].each do |line| + expect(chef_run).not_to render_file(file.name).with_content(line) + end + end + + it 'has domain override values' do + node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user_test' + node.set['openstack']['orchestration']['stack_user_domain_name'] = 'heat' + node.set['openstack']['orchestration']['stack_domain_admin'] = 'heat_stack_admin' + [ + /^heat_stack_user_role=heat_stack_user_test$/, + /^stack_user_domain_name=heat$/, + /^stack_domain_admin=heat_stack_admin$/, + /^stack_domain_admin_password=heat_stack_domain_admin_password$/ + ].each do |line| + expect(chef_run).to render_file(file.name).with_content(line) + end + end + end + describe 'has qpid values' do it 'has default qpid_* values' do node.set['openstack']['mq']['orchestration']['service_type'] = 'qpid' diff --git a/templates/default/heat.conf.erb b/templates/default/heat.conf.erb index 95bc2ed..ca0a8ce 100644 --- a/templates/default/heat.conf.erb +++ b/templates/default/heat.conf.erb 
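Review bot: The new 'domain values' examples in spec/spec_helper.rb do not cover the default for `heat_stack_user_role`, although the template now renders it from an attribute. The first example checks only that the three domain lines are absent, so I would add `expect(chef_run).to render_file(file.name).with_content(/^heat_stack_user_role=heat_stack_user$/)` to it. A case where `stack_domain_admin` is set without `stack_user_domain_name` would also pin down what a partial configuration renders. The description `'has corrrect default domain values'` has a typo and should read `'has correct default domain values'`.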
@@ -104,9 +104,14 @@ heat_watch_server_url=http://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat # value) region_name_for_services=<%= node['openstack']['orchestration']['region'] %> + # Keystone role for heat template-defined users. (string # value) -#heat_stack_user_role=heat_stack_user +<% if node['openstack']['orchestration']['heat_stack_user_role'] -%> +heat_stack_user_role=<%= node['openstack']['orchestration']['heat_stack_user_role'] %> +<% else -%> +#heat_stack_user_role= +<% end -%> # Keystone domain ID which contains heat template-defined # users. If this option is set, stack_user_domain_name option @@ -117,15 +122,27 @@ region_name_for_services=<%= node['openstack']['orchestration']['region'] %> # Keystone domain name which contains heat template-defined # users. If `stack_user_domain_id` option is set, this option # is ignored. (string value) +<% if node['openstack']['orchestration']['stack_user_domain_name'] -%> +stack_user_domain_name=<%= node['openstack']['orchestration']['stack_user_domain_name'] %> +<% else -%> #stack_user_domain_name= +<% end -%> # Keystone username, a user with roles sufficient to manage # users and projects in the stack_user_domain. (string value) +<% if node['openstack']['orchestration']['stack_domain_admin'] -%> +stack_domain_admin=<%= node['openstack']['orchestration']['stack_domain_admin'] %> +<% else -%> #stack_domain_admin= +<% end -%> # Keystone password for stack_domain_admin user. (string # value) +<% if @stack_domain_admin_password -%> +stack_domain_admin_password=<%= @stack_domain_admin_password %> +<% else -%> #stack_domain_admin_password= +<% end -%> # Maximum raw byte size of any template. (integer value) #max_template_size=524288
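Review bot: The added `stack_domain_admin_password=<%= @stack_domain_admin_password %>` line in the second heat.conf.erb hunk writes the secret verbatim. heat reads this file through oslo.config, which as far as I know applies `$name` substitution to option values, so a password containing `$` may be altered or rejected when the service starts. A newline in the value would add a further line to the file. I would either document that restriction next to the attribute or escape on render, for example `<%= @stack_domain_admin_password.to_s.gsub('$', '$$') %>`. The same applies to the other values added in this file, although they are less likely to contain such characters.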