Implement class to configure parameters to use service token
This patch introduces cinder::keystone::service_user class to configure parameters to enable service token feature in Cinder. Depends-on: https://review.opendev.org/#/c/666467 Change-Id: I79362b30107826e67f0bf6dce9371a24bc3ef2dd
This commit is contained in:
parent
ebebc891fa
commit
c978ba07e7
101
manifests/keystone/service_user.pp
Normal file
101
manifests/keystone/service_user.pp
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
# class: cinder::keystone::service_user
|
||||||
|
#
|
||||||
|
# Configure the service_user section in the configuration file
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
#
|
||||||
|
# [*username*]
|
||||||
|
# (Optional) The name of the service user
|
||||||
|
# Defaults to 'cinder'
|
||||||
|
#
|
||||||
|
# [*password*]
|
||||||
|
# (Optional) Password to create for the service user
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*auth_url*]
|
||||||
|
# (Optional) The URL to use for authentication.
|
||||||
|
# Defaults to 'http://localhost:5000'.
|
||||||
|
#
|
||||||
|
# [*project_name*]
|
||||||
|
# (Optional) Service project name
|
||||||
|
# Defaults to 'services'
|
||||||
|
#
|
||||||
|
# [*user_domain_name*]
|
||||||
|
# (Optional) Name of domain for $username
|
||||||
|
# Defaults to 'Default'
|
||||||
|
#
|
||||||
|
# [*project_domain_name*]
|
||||||
|
# (Optional) Name of domain for $project_name
|
||||||
|
# Defaults to 'Default'
|
||||||
|
#
|
||||||
|
# [*send_service_user_token*]
|
||||||
|
# (Optional) The service uses service token feature when this is set as true
|
||||||
|
# Defaults to 'false'
|
||||||
|
#
|
||||||
|
# [*insecure*]
|
||||||
|
# (Optional) If true, explicitly allow TLS without checking server cert
|
||||||
|
# against any certificate authorities. WARNING: not recommended. Use with
|
||||||
|
# caution.
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*auth_type*]
|
||||||
|
# (Optional) Authentication type to load
|
||||||
|
# Defaults to 'password'
|
||||||
|
#
|
||||||
|
# [*auth_version*]
|
||||||
|
# (Optional) API version of the admin Identity API endpoint.
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
|
# [*cafile*]
|
||||||
|
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
|
||||||
|
# connections.
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
|
# [*certfile*]
|
||||||
|
# (Optional) Required if identity server requires client certificate
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
|
# [*keyfile*]
|
||||||
|
# (Optional) Required if identity server requires client certificate
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
|
# [*region_name*]
|
||||||
|
# (Optional) The region in which the identity server can be found.
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
|
class cinder::keystone::service_user(
|
||||||
|
$username = 'cinder',
|
||||||
|
$password = $::os_service_default,
|
||||||
|
$auth_url = 'http://localhost:5000',
|
||||||
|
$project_name = 'services',
|
||||||
|
$user_domain_name = 'Default',
|
||||||
|
$project_domain_name = 'Default',
|
||||||
|
$send_service_user_token = false,
|
||||||
|
$insecure = $::os_service_default,
|
||||||
|
$auth_type = 'password',
|
||||||
|
$auth_version = $::os_service_default,
|
||||||
|
$cafile = $::os_service_default,
|
||||||
|
$certfile = $::os_service_default,
|
||||||
|
$keyfile = $::os_service_default,
|
||||||
|
$region_name = $::os_service_default,
|
||||||
|
) {
|
||||||
|
|
||||||
|
include ::cinder::deps
|
||||||
|
|
||||||
|
keystone::resource::service_user { 'cinder_config':
|
||||||
|
username => $username,
|
||||||
|
password => $password,
|
||||||
|
project_name => $project_name,
|
||||||
|
auth_url => $auth_url,
|
||||||
|
auth_version => $auth_version,
|
||||||
|
auth_type => $auth_type,
|
||||||
|
user_domain_name => $user_domain_name,
|
||||||
|
project_domain_name => $project_domain_name,
|
||||||
|
send_service_user_token => $send_service_user_token,
|
||||||
|
insecure => $insecure,
|
||||||
|
cafile => $cafile,
|
||||||
|
certfile => $certfile,
|
||||||
|
keyfile => $keyfile,
|
||||||
|
region_name => $region_name,
|
||||||
|
}
|
||||||
|
}
|
5
releasenotes/notes/service_token-94dd15b7ee9af228.yaml
Normal file
5
releasenotes/notes/service_token-94dd15b7ee9af228.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
New class, cinder::keystone::service_user, is introduced to configure
|
||||||
|
parameters to service token feature.
|
80
spec/classes/cinder_keystone_service_user_spec.rb
Normal file
80
spec/classes/cinder_keystone_service_user_spec.rb
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'cinder::keystone::service_user' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:password => 'cinder_password',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples 'cinder service_user' do
|
||||||
|
context 'with default parameters' do
|
||||||
|
it 'configure service_user' do
|
||||||
|
is_expected.to contain_cinder_config('service_user/username').with_value('cinder')
|
||||||
|
is_expected.to contain_cinder_config('service_user/password').with_value('cinder_password')
|
||||||
|
is_expected.to contain_cinder_config('service_user/auth_url').with_value('http://localhost:5000')
|
||||||
|
is_expected.to contain_cinder_config('service_user/project_name').with_value('services')
|
||||||
|
is_expected.to contain_cinder_config('service_user/user_domain_name').with_value('Default')
|
||||||
|
is_expected.to contain_cinder_config('service_user/project_domain_name').with_value('Default')
|
||||||
|
is_expected.to contain_cinder_config('service_user/send_service_user_token').with_value(false)
|
||||||
|
is_expected.to contain_cinder_config('service_user/insecure').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_cinder_config('service_user/auth_type').with_value('password')
|
||||||
|
is_expected.to contain_cinder_config('service_user/auth_version').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_cinder_config('service_user/cafile').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_cinder_config('service_user/certfile').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_cinder_config('service_user/keyfile').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_cinder_config('service_user/region_name').with_value('<SERVICE DEFAULT>')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when overriding parameters' do
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:username => 'myuser',
|
||||||
|
:password => 'mypasswd',
|
||||||
|
:auth_url => 'https://127.0.0.1:5000',
|
||||||
|
:project_name => 'service_project',
|
||||||
|
:user_domain_name => 'domainX',
|
||||||
|
:project_domain_name => 'domainX',
|
||||||
|
:send_service_user_token => true,
|
||||||
|
:insecure => false,
|
||||||
|
:auth_type => 'password',
|
||||||
|
:auth_version => 'v3',
|
||||||
|
:cafile => '/opt/stack/data/cafile.pem',
|
||||||
|
:certfile => 'certfile.crt',
|
||||||
|
:keyfile => 'keyfile',
|
||||||
|
:region_name => 'region2',
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configure service_user' do
|
||||||
|
is_expected.to contain_cinder_config('service_user/username').with_value(params[:username])
|
||||||
|
is_expected.to contain_cinder_config('service_user/password').with_value(params[:password]).with_secret(true)
|
||||||
|
is_expected.to contain_cinder_config('service_user/auth_url').with_value(params[:auth_url])
|
||||||
|
is_expected.to contain_cinder_config('service_user/project_name').with_value(params[:project_name])
|
||||||
|
is_expected.to contain_cinder_config('service_user/user_domain_name').with_value(params[:user_domain_name])
|
||||||
|
is_expected.to contain_cinder_config('service_user/project_domain_name').with_value(params[:project_domain_name])
|
||||||
|
is_expected.to contain_cinder_config('service_user/send_service_user_token').with_value(params[:send_service_user_token])
|
||||||
|
is_expected.to contain_cinder_config('service_user/insecure').with_value(params[:insecure])
|
||||||
|
is_expected.to contain_cinder_config('service_user/auth_type').with_value(params[:auth_type])
|
||||||
|
is_expected.to contain_cinder_config('service_user/auth_version').with_value(params[:auth_version])
|
||||||
|
is_expected.to contain_cinder_config('service_user/cafile').with_value(params[:cafile])
|
||||||
|
is_expected.to contain_cinder_config('service_user/certfile').with_value(params[:certfile])
|
||||||
|
is_expected.to contain_cinder_config('service_user/keyfile').with_value(params[:keyfile])
|
||||||
|
is_expected.to contain_cinder_config('service_user/region_name').with_value(params[:region_name])
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'cinder service_user'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue
Block a user