Merge "Do not update barbican_api pipeline when keystone auth is used"
This commit is contained in:
commit
e33720ddb6
|
@ -407,30 +407,25 @@ class barbican::api (
|
|||
'secretstore/stores_lookup_suffix': value => $enabled_secret_stores;
|
||||
}
|
||||
|
||||
# TODO(tkajinam): Make sure the barbican_api pipeline is reset from the wrong
|
||||
# value defined because of bug 1946378.
|
||||
# This logic should be removed after Yoga cycle
|
||||
barbican_api_paste_ini {
|
||||
'pipeline:barbican_api/pipeline': value => 'cors http_proxy_to_wsgi unauthenticated-context apiapp';
|
||||
}
|
||||
|
||||
# keystone config
|
||||
if $auth_strategy == 'keystone' {
|
||||
|
||||
include barbican::keystone::authtoken
|
||||
|
||||
barbican_api_paste_ini {
|
||||
'pipeline:barbican_api/pipeline': value => 'cors authtoken context apiapp';
|
||||
}
|
||||
|
||||
} else {
|
||||
barbican_api_paste_ini {
|
||||
'pipeline:barbican_api/pipeline': value => 'cors unauthenticated-context apiapp';
|
||||
}
|
||||
|
||||
barbican_config {
|
||||
'keystone_authtoken/auth_plugin': ensure => 'absent';
|
||||
'keystone_authtoken/auth_type': ensure => 'absent';
|
||||
'keystone_authtoken/www_authenticate_uri': ensure => 'absent';
|
||||
'keystone_authtoken/project_name': ensure => 'absent';
|
||||
'keystone_authtoken/username': ensure => 'absent';
|
||||
'keystone_authtoken/password': ensure => 'absent';
|
||||
'keystone_authtoken/user_domain_id': ensure => 'absent';
|
||||
'keystone_authtoken/project_domain_id': ensure => 'absent';
|
||||
}
|
||||
# TODO(tkajinam): We need to fix the barbican_api_paste_ini provider to
|
||||
# support the following configuration.
|
||||
#
|
||||
# [composite:main]
|
||||
# ...
|
||||
# /v1: barbican_api
|
||||
#
|
||||
warning('The pipeline definiton should be updated manually when keystone is not used')
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -197,6 +197,11 @@ describe 'barbican::api' do
|
|||
is_expected.to contain_barbican_config('secretstore/enable_multiple_secret_stores') \
|
||||
.with_value(param_hash[:multiple_secret_stores_enabled])
|
||||
end
|
||||
|
||||
it 'resets the barbican_api pipeline' do
|
||||
is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
|
||||
.with_value('cors http_proxy_to_wsgi unauthenticated-context apiapp')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -297,8 +302,6 @@ describe 'barbican::api' do
|
|||
end
|
||||
|
||||
it 'is_expected.to set keystone params correctly' do
|
||||
is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
|
||||
.with_value('cors authtoken context apiapp')
|
||||
is_expected.to contain_class('barbican::keystone::authtoken')
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue