Add security arguments for command heat-keystone-setup-domain in the recipe

Recently commit https://review.openstack.org/#/c/131698/ have
added some security related attributes. Add them into the recipe.

This command could also work under default configurations.

Change-Id: I0aa806874dabe040a395e96ecb2a6f62f658a6ec
This commit is contained in:
ZHU ZHU 2014-11-06 09:51:31 -06:00
parent 54bb483c5d
commit 866b5da6bd
3 changed files with 42 additions and 4 deletions

View File

@ -15,6 +15,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc
* Make 3 schemes configurable instead of being the hardcoded http
* Add misc options for heat.conf
* Add cert_file, key_file, ca_file and insecure for clients_XXX so that they are configurable.
* Add security arguments for heat-keystone-setup-domain command
## 9.2.0
* python_packages database client attributes have been migrated to

View File

@ -147,14 +147,21 @@ if !stack_user_role.nil? && !stack_user_domain_name.nil? && !stack_domain_admin.
stack_domain_admin_password = get_password 'user', stack_domain_admin
admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', admin_user
ca_cert = node['openstack']['orchestration']['clients']['ca_file']
cert_file = node['openstack']['orchestration']['clients']['cert_file']
key_file = node['openstack']['orchestration']['clients']['key_file']
insecure = node['openstack']['orchestration']['clients']['insecure'] && '--insecure' || ''
execute 'heat-keystone-setup-domain' do
environment 'OS_USERNAME' => admin_user,
'OS_PASSWORD' => admin_pass,
'OS_AUTH_URL' => auth_url,
'OS_CACERT' => ca_cert,
'OS_CERT' => cert_file,
'OS_KEY' => key_file,
'HEAT_DOMAIN' => stack_user_domain_name,
'HEAT_DOMAIN_ADMIN' => stack_domain_admin,
'HEAT_DOMAIN_PASSWORD' => stack_domain_admin_password
action :run
command "heat-keystone-setup-domain #{insecure}"
end
end

View File

@ -148,16 +148,46 @@ describe 'openstack-orchestration::identity_registration' do
expect(chef_run).not_to run_execute('heat-keystone-setup-domain')
end
it 'calls domain setup script' do
it 'calls domain setup script with insecure mode' do
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
node.set['openstack']['orchestration']['clients']['insecure'] = true
node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
expect(chef_run).to run_execute('heat-keystone-setup-domain')
expect(chef_run).to run_execute('heat-keystone-setup-domain --insecure')
.with(
environment: { 'OS_USERNAME' => 'admin',
'OS_PASSWORD' => 'admin_pass',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v2.0',
'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
'OS_CACERT' => nil,
'OS_CERT' => nil,
'OS_KEY' => nil,
'HEAT_DOMAIN' => 'stack_user_domain_name',
'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'
}
)
end
it 'calls domain setup script with secure mode' do
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
node.set['openstack']['orchestration']['clients']['insecure'] = false
node.set['openstack']['orchestration']['clients']['ca_file'] = 'path/cacert'
node.set['openstack']['orchestration']['clients']['cert_file'] = 'path/cert_file'
node.set['openstack']['orchestration']['clients']['key_file'] = 'path/key_file'
node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
expect(chef_run).to run_execute('heat-keystone-setup-domain ')
.with(
environment: { 'OS_USERNAME' => 'admin',
'OS_PASSWORD' => 'admin_pass',
'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
'OS_CACERT' => 'path/cacert',
'OS_CERT' => 'path/cert_file',
'OS_KEY' => 'path/key_file',
'HEAT_DOMAIN' => 'stack_user_domain_name',
'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'