Fix three issues breaking CI
1. Change cert plugin from snakeoil to simple_certificate The snakeoil plugin offers more functionality, but requires a little more setup. Ultimately, though, we will likely replace this plugin with the dogtag plugin, if we do not disable the cert functionality altogether. For now, as at least one plugin is required, we use the simple_certificate plugin, which requires no setup. 2. Make sure Barbican packaging is installed before db-sync CI is currently failing because db-sync does not work, python-pymysql is installed *after* running db-sync and this is wrong. This patch makes sure things like this don't happen anymore. 3. Move keystone settings to barbican.conf The current settings (in barbican-api-paste.ini) were not working and putting them in barbican.conf is more in line with other projects. Change-Id: Ifa3171f794be527c8df66894572ebf2f893986da
This commit is contained in:
parent
84bffbecb9
commit
63c72cda5a
|
@ -411,23 +411,31 @@ class barbican::api (
|
|||
}
|
||||
|
||||
barbican_api_paste_ini {
|
||||
'pipeline:barbican_api/pipeline': value => 'cors authtoken context apiapp';
|
||||
'filter:authtoken/auth_url': value => $auth_url;
|
||||
'filter:authtoken/project_name': value => $keystone_tenant;
|
||||
'filter:authtoken/username': value => $keystone_user;
|
||||
'filter:authtoken/password': value => $keystone_password, secret => true;
|
||||
'filter:authtoken/user_domain_id': value => $user_domain_id;
|
||||
'filter:authtoken/project_domain_id': value => $project_domain_id;
|
||||
'pipeline:barbican_api/pipeline': value => 'cors authtoken context apiapp';
|
||||
}
|
||||
|
||||
barbican_config {
|
||||
'keystone_authtoken/auth_plugin': value => 'password';
|
||||
'keystone_authtoken/auth_url': value => $auth_url;
|
||||
'keystone_authtoken/project_name': value => $keystone_tenant;
|
||||
'keystone_authtoken/username': value => $keystone_user;
|
||||
'keystone_authtoken/password': value => $keystone_password, secret => true;
|
||||
'keystone_authtoken/user_domain_id': value => $user_domain_id;
|
||||
'keystone_authtoken/project_domain_id': value => $project_domain_id;
|
||||
}
|
||||
} else {
|
||||
barbican_api_paste_ini {
|
||||
'pipeline:barbican_api/pipeline': value => 'cors unauthenticated-context apiapp';
|
||||
'filter:authtoken/auth_url': ensure => 'absent';
|
||||
'filter:authtoken/project_name': ensure => 'absent';
|
||||
'filter:authtoken/username': ensure => 'absent';
|
||||
'filter:authtoken/password': ensure => 'absent';
|
||||
'filter:authtoken/user_domain_id': ensure => 'absent';
|
||||
'filter:authtoken/project_domain_id': ensure => 'absent';
|
||||
'pipeline:barbican_api/pipeline': value => 'cors unauthenticated-context apiapp';
|
||||
}
|
||||
|
||||
barbican_config {
|
||||
'keystone_authtoken/auth_plugin': ensure => 'absent';
|
||||
'keystone_authtoken/auth_uri': ensure => 'absent';
|
||||
'keystone_authtoken/project_name': ensure => 'absent';
|
||||
'keystone_authtoken/username': ensure => 'absent';
|
||||
'keystone_authtoken/password': ensure => 'absent';
|
||||
'keystone_authtoken/user_domain_id': ensure => 'absent';
|
||||
'keystone_authtoken/project_domain_id': ensure => 'absent';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -16,8 +16,11 @@ class barbican::db::sync(
|
|||
path => '/usr/bin',
|
||||
user => 'barbican',
|
||||
refreshonly => true,
|
||||
subscribe => [Package['barbican-api'], Barbican_config['database/connection'], Barbican_config['DEFAULT/sql_connection'], ]
|
||||
}
|
||||
|
||||
Barbican_config <| title == 'database/connection' |> ~> Exec['barbican-db-manage']
|
||||
Barbican_config <| title == 'DEFAULT/sql_connection' |> ~> Exec['barbican-db-manage']
|
||||
Package <| tag == 'barbican-package' |> ~> Exec['barbican-db-manage']
|
||||
Package <| tag == 'openstack' |> -> Exec['barbican-db-manage']
|
||||
Exec['barbican-db-manage'] ~> Service<| title == 'barbican-api' |>
|
||||
}
|
||||
|
|
|
@ -41,7 +41,7 @@ describe 'barbican::api basic test class' do
|
|||
auth_type => 'keystone',
|
||||
keystone_password => 'a_big_secret',
|
||||
service_name => 'httpd',
|
||||
enabled_certificate_plugins => ['snakeoil_ca'],
|
||||
enabled_certificate_plugins => ['simple_certificate'],
|
||||
db_auto_create => false,
|
||||
}
|
||||
|
||||
|
|
|
@ -225,9 +225,9 @@ describe 'barbican::api' do
|
|||
it 'is_expected.to set keystone params correctly' do
|
||||
is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
|
||||
.with_value('cors authtoken context apiapp')
|
||||
is_expected.to contain_barbican_api_paste_ini('filter:authtoken/auth_url')\
|
||||
is_expected.to contain_barbican_config('keystone_authtoken/auth_url')\
|
||||
.with_value('http://localhost:35357')
|
||||
is_expected.to contain_barbican_api_paste_ini('filter:authtoken/project_name')\
|
||||
is_expected.to contain_barbican_config('keystone_authtoken/project_name')\
|
||||
.with_value('services')
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue