Update keystone configuration code
Upstream Barbican has moved to keystone v3. This patch makes the necessary modifications to the keystone config code. Change-Id: I5ffe3820d3d26dbc3012dc362bcbf0da41c3d155
This commit is contained in:
parent
3f3e8e4633
commit
d0b6140df4
|
@ -172,7 +172,7 @@
|
|||
# (optional) authentication type
|
||||
# Defaults to 'keystone'
|
||||
#
|
||||
# [*identity_uri*]
|
||||
# [*auth_url*]
|
||||
# (optional) identity server URI, needed for keystone auth
|
||||
# Defaults to 'http://localhost:35357'
|
||||
#
|
||||
|
@ -195,6 +195,14 @@
|
|||
# (optional) User to authenticate as with keystone.
|
||||
# Defaults to 'barbican'.
|
||||
#
|
||||
# [*project_domain_id*]
|
||||
# (optional) Auth user project's domain ID
|
||||
# Defaults to 'default'
|
||||
#
|
||||
# [*user_domain_id*]
|
||||
# (optional) Auth user's domain ID
|
||||
# Defaults to 'default'
|
||||
#
|
||||
# [*sync_db*]
|
||||
# (optional) Run barbican-db-manage on api nodes.
|
||||
# Defaults to true
|
||||
|
@ -251,10 +259,12 @@ class barbican::api (
|
|||
$kombu_reconnect_delay = $::os_service_default,
|
||||
$kombu_compression = $::os_service_default,
|
||||
$auth_type = 'keystone',
|
||||
$identity_uri = 'http://localhost:35357',
|
||||
$auth_url = 'http://localhost:35357',
|
||||
$keystone_password = undef,
|
||||
$keystone_tenant = 'services',
|
||||
$keystone_user = 'barbican',
|
||||
$project_domain_id = 'default',
|
||||
$user_domain_id = 'default',
|
||||
$manage_service = true,
|
||||
$enabled = true,
|
||||
$sync_db = true,
|
||||
|
@ -380,19 +390,23 @@ class barbican::api (
|
|||
}
|
||||
|
||||
barbican_api_paste_ini {
|
||||
'pipeline:barbican_api/pipeline': value => 'cors keystone_authtoken context apiapp';
|
||||
'filter:keystone_authtoken/identity_uri': value => $identity_uri;
|
||||
'filter:keystone_authtoken/admin_tenant_name': value => $keystone_tenant;
|
||||
'filter:keystone_authtoken/admin_user' : value => $keystone_user;
|
||||
'filter:keystone_authtoken/admin_password' : value => $keystone_password, secret => true;
|
||||
'pipeline:barbican_api/pipeline': value => 'cors authtoken context apiapp';
|
||||
'filter:authtoken/auth_url': value => $auth_url;
|
||||
'filter:authtoken/project_name': value => $keystone_tenant;
|
||||
'filter:authtoken/username': value => $keystone_user;
|
||||
'filter:authtoken/password': value => $keystone_password, secret => true;
|
||||
'filter:authtoken/user_domain_id': value => $user_domain_id;
|
||||
'filter:authtoken/project_domain_id': value => $project_domain_id;
|
||||
}
|
||||
} else {
|
||||
barbican_api_paste_ini {
|
||||
'pipeline:barbican_api/pipeline': value => 'cors unauthenticated-context apiapp';
|
||||
'filter:keystone_authtoken/identity_uri': ensure => 'absent';
|
||||
'filter:keystone_authtoken/admin_tenant_name': ensure => 'absent';
|
||||
'filter:keystone_authtoken/admin_user' : ensure => 'absent';
|
||||
'filter:keystone_authtoken/admin_password' : ensure => 'absent';
|
||||
'pipeline:barbican_api/pipeline': value => 'cors unauthenticated-context apiapp';
|
||||
'filter:authtoken/auth_url': ensure => 'absent';
|
||||
'filter:authtoken/project_name': ensure => 'absent';
|
||||
'filter:authtoken/username': ensure => 'absent';
|
||||
'filter:authtoken/password': ensure => 'absent';
|
||||
'filter:authtoken/user_domain_id': ensure => 'absent';
|
||||
'filter:authtoken/project_domain_id': ensure => 'absent';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ describe 'barbican::api' do
|
|||
:enabled_certificate_plugins => ['<SERVICE DEFAULT>'],
|
||||
:enabled_certificate_event_plugins => ['<SERVICE DEFAULT>'],
|
||||
:auth_type => 'keystone',
|
||||
:identity_uri => 'http://localhost:35357',
|
||||
:auth_url => 'http://localhost:35357',
|
||||
:keystone_password => 'foo',
|
||||
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
|
||||
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
|
||||
|
@ -92,7 +92,7 @@ describe 'barbican::api' do
|
|||
:max_allowed_secret_in_bytes => 20000,
|
||||
:max_allowed_request_size_in_bytes => 2000000,
|
||||
:enabled => false,
|
||||
:identity_uri => 'https://keystone.example.com:35357',
|
||||
:auth_url => 'https://keystone.example.com:35357',
|
||||
:keystone_password => 'bar',
|
||||
}
|
||||
].each do |param_set|
|
||||
|
@ -182,10 +182,10 @@ describe 'barbican::api' do
|
|||
|
||||
it 'is_expected.to set keystone params correctly' do
|
||||
is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
|
||||
.with_value('cors keystone_authtoken context apiapp')
|
||||
is_expected.to contain_barbican_api_paste_ini('filter:keystone_authtoken/identity_uri')\
|
||||
.with_value('cors authtoken context apiapp')
|
||||
is_expected.to contain_barbican_api_paste_ini('filter:authtoken/auth_url')\
|
||||
.with_value('http://localhost:35357')
|
||||
is_expected.to contain_barbican_api_paste_ini('filter:keystone_authtoken/admin_tenant_name')\
|
||||
is_expected.to contain_barbican_api_paste_ini('filter:authtoken/project_name')\
|
||||
.with_value('services')
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue