Update keystone configuration code

Upstream Barbican has moved to keystone v3. This patch makes the necessary modifications to the keystone config code. Change-Id: I5ffe3820d3d26dbc3012dc362bcbf0da41c3d155
2016-05-20 18:27:10 -04:00 · 2016-05-20 18:27:10 -04:00 · d0b6140df4
parent 3f3e8e4633
commit d0b6140df4
2 changed files with 31 additions and 17 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -172,7 +172,7 @@
 #   (optional) authentication type
 #   Defaults to 'keystone'
 #
-# [*identity_uri*]
+# [*auth_url*]
 #   (optional) identity server URI, needed for keystone auth
 #   Defaults to 'http://localhost:35357'
 #
@ -195,6 +195,14 @@
 #   (optional) User to authenticate as with keystone.
 #   Defaults to 'barbican'.
 #
+# [*project_domain_id*]
+#   (optional) Auth user project's domain ID
+#   Defaults to 'default'
+#
+# [*user_domain_id*]
+#   (optional) Auth user's domain ID
+#   Defaults to 'default'
+#
 # [*sync_db*]
 #   (optional) Run barbican-db-manage on api nodes.
 #   Defaults to true
@ -251,10 +259,12 @@ class barbican::api (
  $kombu_reconnect_delay                         = $::os_service_default,
  $kombu_compression                             = $::os_service_default,
  $auth_type                                     = 'keystone',
-  $identity_uri                                  = 'http://localhost:35357',
+  $auth_url                                      = 'http://localhost:35357',
  $keystone_password                             = undef,
  $keystone_tenant                               = 'services',
  $keystone_user                                 = 'barbican',
+  $project_domain_id                             = 'default',
+  $user_domain_id                                = 'default',
  $manage_service                                = true,
  $enabled                                       = true,
  $sync_db                                       = true,
@ -380,19 +390,23 @@ class barbican::api (
    }

    barbican_api_paste_ini {
-      'pipeline:barbican_api/pipeline':              value => 'cors keystone_authtoken context apiapp';
-      'filter:keystone_authtoken/identity_uri':      value => $identity_uri;
-      'filter:keystone_authtoken/admin_tenant_name': value => $keystone_tenant;
-      'filter:keystone_authtoken/admin_user'       : value => $keystone_user;
-      'filter:keystone_authtoken/admin_password'   : value => $keystone_password, secret => true;
+      'pipeline:barbican_api/pipeline':     value => 'cors authtoken context apiapp';
+      'filter:authtoken/auth_url':          value => $auth_url;
+      'filter:authtoken/project_name':      value => $keystone_tenant;
+      'filter:authtoken/username':          value => $keystone_user;
+      'filter:authtoken/password':          value => $keystone_password, secret => true;
+      'filter:authtoken/user_domain_id':    value => $user_domain_id;
+      'filter:authtoken/project_domain_id': value => $project_domain_id;
    }
  } else {
    barbican_api_paste_ini {
-      'pipeline:barbican_api/pipeline':              value => 'cors unauthenticated-context apiapp';
-      'filter:keystone_authtoken/identity_uri':      ensure => 'absent';
-      'filter:keystone_authtoken/admin_tenant_name': ensure => 'absent';
-      'filter:keystone_authtoken/admin_user'       : ensure => 'absent';
-      'filter:keystone_authtoken/admin_password'   : ensure => 'absent';
+      'pipeline:barbican_api/pipeline':     value => 'cors unauthenticated-context apiapp';
+      'filter:authtoken/auth_url':          ensure => 'absent';
+      'filter:authtoken/project_name':      ensure => 'absent';
+      'filter:authtoken/username':          ensure => 'absent';
+      'filter:authtoken/password':          ensure => 'absent';
+      'filter:authtoken/user_domain_id':    ensure => 'absent';
+      'filter:authtoken/project_domain_id': ensure => 'absent';
    }
  }

--- a/spec/classes/barbican_api_spec.rb
+++ b/spec/classes/barbican_api_spec.rb
@ -46,7 +46,7 @@ describe 'barbican::api' do
      :enabled_certificate_plugins                   => ['<SERVICE DEFAULT>'],
      :enabled_certificate_event_plugins             => ['<SERVICE DEFAULT>'],
      :auth_type                                     => 'keystone',
-      :identity_uri                                  => 'http://localhost:35357',
+      :auth_url                                      => 'http://localhost:35357',
      :keystone_password                             => 'foo',
      :retry_scheduler_initial_delay_seconds         => '<SERVICE DEFAULT>',
      :retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
@ -92,7 +92,7 @@ describe 'barbican::api' do
      :max_allowed_secret_in_bytes                   => 20000,
      :max_allowed_request_size_in_bytes             => 2000000,
      :enabled                                       => false,
-      :identity_uri                                  => 'https://keystone.example.com:35357',
+      :auth_url                                      => 'https://keystone.example.com:35357',
      :keystone_password                             => 'bar',
    }
  ].each do |param_set|
@ -182,10 +182,10 @@ describe 'barbican::api' do

    it 'is_expected.to set keystone params correctly' do
      is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
-        .with_value('cors keystone_authtoken context apiapp')
-      is_expected.to contain_barbican_api_paste_ini('filter:keystone_authtoken/identity_uri')\
+        .with_value('cors authtoken context apiapp')
+      is_expected.to contain_barbican_api_paste_ini('filter:authtoken/auth_url')\
        .with_value('http://localhost:35357')
-      is_expected.to contain_barbican_api_paste_ini('filter:keystone_authtoken/admin_tenant_name')\
+      is_expected.to contain_barbican_api_paste_ini('filter:authtoken/project_name')\
        .with_value('services')
    end
  end