Added rgw_keystone_implicit_tenants to ceph::rgw::keystone

Set to true to create a private tenant for each new user (1).

1: http://docs.ceph.com/docs/master/radosgw/keystone/

Change-Id: I8e0c08b3ab5812bbd75fdeed176655fefe2c631a
Closes-Bug: 1743602
Keith Schincke 2018-01-16 12:32:31 -05:00
parent fbb6b1ce97
commit 0626ccc0a9
3 changed files with 17 additions and 0 deletions


@ -71,6 +71,10 @@
# #
# [*rgw_keystone_admin_password*] The password for OpenStack admin user # [*rgw_keystone_admin_password*] The password for OpenStack admin user
# Required if rgw_keystone_version is 'v3'. # Required if rgw_keystone_version is 'v3'.
#
# [*rgw_keystone_implicit_tenants*] Set 'true' for a private tenant
# for each user.
# Defaults is true
define ceph::rgw::keystone ( define ceph::rgw::keystone (
$rgw_keystone_admin_token = undef, $rgw_keystone_admin_token = undef,
@ -87,6 +91,7 @@ define ceph::rgw::keystone (
$rgw_keystone_admin_project = $::ceph::profile::params::rgw_keystone_admin_project, $rgw_keystone_admin_project = $::ceph::profile::params::rgw_keystone_admin_project,
$rgw_keystone_admin_user = $::ceph::profile::params::rgw_keystone_admin_user, $rgw_keystone_admin_user = $::ceph::profile::params::rgw_keystone_admin_user,
$rgw_keystone_admin_password = $::ceph::profile::params::rgw_keystone_admin_password, $rgw_keystone_admin_password = $::ceph::profile::params::rgw_keystone_admin_password,
$rgw_keystone_implicit_tenants = true,
) { ) {
unless $name =~ /^radosgw\..+/ { unless $name =~ /^radosgw\..+/ {
@ -98,6 +103,7 @@ define ceph::rgw::keystone (
"client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ','); "client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ',');
"client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size; "client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size;
"client.${name}/rgw_s3_auth_use_keystone": value => $rgw_s3_auth_use_keystone; "client.${name}/rgw_s3_auth_use_keystone": value => $rgw_s3_auth_use_keystone;
"client.${name}/rgw_keystone_implicit_tenants": value => $rgw_keystone_implicit_tenants;
} }
if $rgw_keystone_version == 'v2.0' { if $rgw_keystone_version == 'v2.0' {
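Review bot: The new parameter defaults to `true` (`$rgw_keystone_implicit_tenants = true,` in the parameter list), so every existing `ceph::rgw::keystone` instance starts writing `rgw_keystone_implicit_tenants = true` into its `client.${name}` section on upgrade without the operator having asked for it. As far as I know Ceph's own default for this option is false, and turning it on changes which tenant namespace Keystone-authenticated users and their buckets are resolved in, so it is safer as opt-in: `$rgw_keystone_implicit_tenants = false,`. If `true` is the intended default, the parameter doc and the release note should state the effect on deployments that already have Keystone users. The doc line would also read better as `# Defaults to true`. The body of the define continues outside these hunks.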


@ -0,0 +1,5 @@
---
fixes:
- |
Added rgw_keystone_implicit_tenants to ceph::rgw::keystone. Setting
to true creates a new tenant per user.


@ -67,6 +67,7 @@ describe 'ceph::rgw::keystone' do
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) } it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_value(600) } it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_value(600) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/nss_db_path').with_value('/var/lib/ceph/nss') } it { is_expected.to contain_ceph_config('client.radosgw.gateway/nss_db_path').with_value('/var/lib/ceph/nss') }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) }
it { is_expected.to contain_exec('radosgw.gateway-nssdb-ca').with( it { is_expected.to contain_exec('radosgw.gateway-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements 'command' => "/bin/true # comment to satisfy puppet syntax requirements
@ -113,6 +114,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
:use_pki => false, :use_pki => false,
:rgw_keystone_revocation_interval => 200, :rgw_keystone_revocation_interval => 200,
:nss_db_path => '/some/path/to/nss', :nss_db_path => '/some/path/to/nss',
:rgw_keystone_implicit_tenants => false,
} }
end end
@ -123,6 +125,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) } it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_ensure('absent') } it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') } it { is_expected.to contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }
it { is_expected.to_not contain_exec('radosgw.custom-nssdb-ca').with( it { is_expected.to_not contain_exec('radosgw.custom-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements 'command' => "/bin/true # comment to satisfy puppet syntax requirements
@ -227,6 +230,7 @@ wget --no-check-certificate http://keystone.custom:5000/v2.0/certificates/signin
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) } it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_value(600) } it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_value(600) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/nss_db_path').with_value('/var/lib/ceph/nss') } it { is_expected.to contain_ceph_config('client.radosgw.gateway/nss_db_path').with_value('/var/lib/ceph/nss') }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) }
it { is_expected.to contain_exec('radosgw.gateway-nssdb-ca').with( it { is_expected.to contain_exec('radosgw.gateway-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements 'command' => "/bin/true # comment to satisfy puppet syntax requirements
@ -272,6 +276,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
:use_pki => false, :use_pki => false,
:rgw_keystone_revocation_interval => 200, :rgw_keystone_revocation_interval => 200,
:nss_db_path => '/some/path/to/nss', :nss_db_path => '/some/path/to/nss',
:rgw_keystone_implicit_tenants => false,
} }
end end
@ -282,6 +287,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) } it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_ensure('absent') } it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') } it { is_expected.to contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }
it { is_expected.to_not contain_exec('radosgw.custom-nssdb-ca').with( it { is_expected.to_not contain_exec('radosgw.custom-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements 'command' => "/bin/true # comment to satisfy puppet syntax requirements