Add security arguments for command heat-keystone-setup-domain in the recipe
Recently commit https://review.openstack.org/#/c/131698/ have added some security related attributes. Add them into the recipe. This command could also work under default configurations. Change-Id: I0aa806874dabe040a395e96ecb2a6f62f658a6ec
This commit is contained in:
parent
54bb483c5d
commit
866b5da6bd
|
@ -15,6 +15,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc
|
|||
* Make 3 schemes configurable instead of being the hardcoded http
|
||||
* Add misc options for heat.conf
|
||||
* Add cert_file, key_file, ca_file and insecure for clients_XXX so that they are configurable.
|
||||
* Add security arguments for heat-keystone-setup-domain command
|
||||
|
||||
## 9.2.0
|
||||
* python_packages database client attributes have been migrated to
|
||||
|
|
|
@ -147,14 +147,21 @@ if !stack_user_role.nil? && !stack_user_domain_name.nil? && !stack_domain_admin.
|
|||
stack_domain_admin_password = get_password 'user', stack_domain_admin
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_pass = get_password 'user', admin_user
|
||||
ca_cert = node['openstack']['orchestration']['clients']['ca_file']
|
||||
cert_file = node['openstack']['orchestration']['clients']['cert_file']
|
||||
key_file = node['openstack']['orchestration']['clients']['key_file']
|
||||
insecure = node['openstack']['orchestration']['clients']['insecure'] && '--insecure' || ''
|
||||
|
||||
execute 'heat-keystone-setup-domain' do
|
||||
environment 'OS_USERNAME' => admin_user,
|
||||
'OS_PASSWORD' => admin_pass,
|
||||
'OS_AUTH_URL' => auth_url,
|
||||
'OS_CACERT' => ca_cert,
|
||||
'OS_CERT' => cert_file,
|
||||
'OS_KEY' => key_file,
|
||||
'HEAT_DOMAIN' => stack_user_domain_name,
|
||||
'HEAT_DOMAIN_ADMIN' => stack_domain_admin,
|
||||
'HEAT_DOMAIN_PASSWORD' => stack_domain_admin_password
|
||||
action :run
|
||||
command "heat-keystone-setup-domain #{insecure}"
|
||||
end
|
||||
end
|
||||
|
|
|
@ -148,16 +148,46 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
expect(chef_run).not_to run_execute('heat-keystone-setup-domain')
|
||||
end
|
||||
|
||||
it 'calls domain setup script' do
|
||||
it 'calls domain setup script with insecure mode' do
|
||||
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
|
||||
node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
|
||||
node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
|
||||
node.set['openstack']['orchestration']['clients']['insecure'] = true
|
||||
node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
|
||||
|
||||
expect(chef_run).to run_execute('heat-keystone-setup-domain')
|
||||
expect(chef_run).to run_execute('heat-keystone-setup-domain --insecure')
|
||||
.with(
|
||||
environment: { 'OS_USERNAME' => 'admin',
|
||||
'OS_PASSWORD' => 'admin_pass',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v2.0',
|
||||
'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
|
||||
'OS_CACERT' => nil,
|
||||
'OS_CERT' => nil,
|
||||
'OS_KEY' => nil,
|
||||
'HEAT_DOMAIN' => 'stack_user_domain_name',
|
||||
'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
|
||||
'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
it 'calls domain setup script with secure mode' do
|
||||
node.set['openstack']['orchestration']['heat_stack_user_role'] = 'heat_stack_user'
|
||||
node.set['openstack']['orchestration']['stack_user_domain_name'] = 'stack_user_domain_name'
|
||||
node.set['openstack']['orchestration']['stack_domain_admin'] = 'stack_domain_admin'
|
||||
node.set['openstack']['orchestration']['clients']['insecure'] = false
|
||||
node.set['openstack']['orchestration']['clients']['ca_file'] = 'path/cacert'
|
||||
node.set['openstack']['orchestration']['clients']['cert_file'] = 'path/cert_file'
|
||||
node.set['openstack']['orchestration']['clients']['key_file'] = 'path/key_file'
|
||||
node.set['openstack']['endpoints']['identity-admin']['scheme'] = 'https'
|
||||
|
||||
expect(chef_run).to run_execute('heat-keystone-setup-domain ')
|
||||
.with(
|
||||
environment: { 'OS_USERNAME' => 'admin',
|
||||
'OS_PASSWORD' => 'admin_pass',
|
||||
'OS_AUTH_URL' => 'https://127.0.0.1:35357/v2.0',
|
||||
'OS_CACERT' => 'path/cacert',
|
||||
'OS_CERT' => 'path/cert_file',
|
||||
'OS_KEY' => 'path/key_file',
|
||||
'HEAT_DOMAIN' => 'stack_user_domain_name',
|
||||
'HEAT_DOMAIN_ADMIN' => 'stack_domain_admin',
|
||||
'HEAT_DOMAIN_PASSWORD' => 'stack_domain_admin_pass'
|
||||
|
|
Loading…
Reference in New Issue