Update keystone/authtoken.pp to match features of other modules
This patch refreshes keystone/authtoken.pp so that it behaves like the other modules. Namely, using the cafile feature was broken before this patch. Change-Id: I0cea57dd58b4ddc532ee28a045ec4b75b8312919
This commit is contained in:
Thomas Goirand
parent
5ef05e79dc
commit
3e357838fb
|
|
@ -4,13 +4,14 @@
|
|||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*password*]
|
||||
# (Required) Password to create for the service user
|
||||
#
|
||||
# [*username*]
|
||||
# (Optional) The name of the service user
|
||||
# Defaults to 'magnum'
|
||||
#
|
||||
# [*password*]
|
||||
# (Required) Password to create for the service user
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_url*]
|
||||
# (Optional) The URL to use for authentication.
|
||||
# Defaults to 'http://localhost:5000'
|
||||
|
|
@ -29,7 +30,8 @@
|
|||
#
|
||||
# [*insecure*]
|
||||
# (Optional) If true, explicitly allow TLS without checking server cert
|
||||
# against any certificate authorities. WARNING: not recommended. Use with caution.
|
||||
# against any certificate authorities. WARNING: not recommended. Use with
|
||||
# caution.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_section*]
|
||||
|
|
@ -53,7 +55,8 @@
|
|||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*cafile*]
|
||||
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
|
||||
# connections.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*certfile*]
|
||||
|
|
@ -62,8 +65,8 @@
|
|||
#
|
||||
# [*delay_auth_decision*]
|
||||
# (Optional) Do not handle authorization requests within the middleware, but
|
||||
# delegate the authorization decision to downstream WSGI components.
|
||||
# Boolean value
|
||||
# delegate the authorization decision to downstream WSGI components. Boolean
|
||||
# value
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*enforce_token_bind*]
|
||||
|
|
@ -183,8 +186,8 @@
|
|||
# Defaults to undef.
|
||||
#
|
||||
class magnum::keystone::authtoken(
|
||||
$password,
|
||||
$username = 'magnum',
|
||||
$password = $::os_service_default,
|
||||
$auth_url = 'http://localhost:5000',
|
||||
$project_name = 'services',
|
||||
$user_domain_name = 'Default',
|
||||
|
|
@ -223,6 +226,10 @@ class magnum::keystone::authtoken(
|
|||
|
||||
include ::magnum::deps
|
||||
|
||||
if is_service_default($password) {
|
||||
fail('Please set password for magnum service user')
|
||||
}
|
||||
|
||||
if $check_revocations_for_cached {
|
||||
warning('check_revocations_for_cached parameter is deprecated, has no effect and will be removed in the future.')
|
||||
}
|
||||
|
|
@ -242,12 +249,16 @@ class magnum::keystone::authtoken(
|
|||
auth_section => $auth_section,
|
||||
user_domain_name => $user_domain_name,
|
||||
project_domain_name => $project_domain_name,
|
||||
insecure => $insecure,
|
||||
cache => $cache,
|
||||
cafile => $cafile,
|
||||
certfile => $certfile,
|
||||
delay_auth_decision => $delay_auth_decision,
|
||||
enforce_token_bind => $enforce_token_bind,
|
||||
http_connect_timeout => $http_connect_timeout,
|
||||
http_request_max_retries => $http_request_max_retries,
|
||||
include_service_catalog => $include_service_catalog,
|
||||
keyfile => $keyfile,
|
||||
memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
|
||||
memcache_pool_dead_retry => $memcache_pool_dead_retry,
|
||||
memcache_pool_maxsize => $memcache_pool_maxsize,
|
||||
|
|
@ -262,11 +273,7 @@ class magnum::keystone::authtoken(
|
|||
token_cache_time => $token_cache_time,
|
||||
service_token_roles_required => $service_token_roles_required,
|
||||
}
|
||||
|
||||
magnum_config {
|
||||
'keystone_authtoken/admin_tenant_name': value => $project_name;
|
||||
'keystone_authtoken/admin_user' : value => $username;
|
||||
'keystone_authtoken/admin_password' : value => $password, secret => true;
|
||||
'keystone_auth/cafile' : value => $cafile;
|
||||
'keystone_auth/keyfile' : value => $keyfile;
|
||||
'keystone_auth/certfile' : value => $certfile;
|
||||
|
|
|
|||
|
|
@ -19,21 +19,22 @@ describe 'magnum::keystone::authtoken' do
|
|||
is_expected.to contain_magnum_config('keystone_authtoken/password').with_value('magnum_password')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_url').with_value('http://localhost:5000')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/project_name').with_value('services')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/admin_user').with_value('magnum')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/admin_password').with_value('magnum_password')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/admin_tenant_name').with_value('services')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/user_domain_name').with_value('Default')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/project_domain_name').with_value('Default')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/insecure').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_section').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_type').with_value('password')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/www_authenticate_uri').with_value('http://localhost:5000')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_version').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/cache').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/cafile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/certfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/delay_auth_decision').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/enforce_token_bind').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/http_connect_timeout').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/http_request_max_retries').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/include_service_catalog').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/keyfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/memcache_pool_conn_get_timeout').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/memcache_pool_dead_retry').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/memcache_pool_maxsize').with_value('<SERVICE DEFAULT>')
|
||||
|
|
@ -98,20 +99,21 @@ describe 'magnum::keystone::authtoken' do
|
|||
is_expected.to contain_magnum_config('keystone_authtoken/password').with_value(params[:password]).with_secret(true)
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_url').with_value(params[:auth_url])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/project_name').with_value(params[:project_name])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/admin_user').with_value(params[:username])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/admin_password').with_value(params[:password]).with_secret(true)
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/admin_tenant_name').with_value(params[:project_name])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/user_domain_name').with_value(params[:user_domain_name])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/project_domain_name').with_value(params[:project_domain_name])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/insecure').with_value(params[:insecure])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_section').with_value(params[:auth_section])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_type').with_value(params[:auth_type])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/auth_version').with_value(params[:auth_version])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/cache').with_value(params[:cache])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/cafile').with_value(params[:cafile])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/certfile').with_value(params[:certfile])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/delay_auth_decision').with_value(params[:delay_auth_decision])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/enforce_token_bind').with_value(params[:enforce_token_bind])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/http_connect_timeout').with_value(params[:http_connect_timeout])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/http_request_max_retries').with_value(params[:http_request_max_retries])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/include_service_catalog').with_value(params[:include_service_catalog])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/keyfile').with_value(params[:keyfile])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/memcache_pool_conn_get_timeout').with_value(params[:memcache_pool_conn_get_timeout])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/memcache_pool_dead_retry').with_value(params[:memcache_pool_dead_retry])
|
||||
is_expected.to contain_magnum_config('keystone_authtoken/memcache_pool_maxsize').with_value(params[:memcache_pool_maxsize])
|
||||
|
|
|
|||
Loading…
Reference in New Issue