openstack/puppet-cinder
Code Issues Proposed changes

Implement class to configure parameters to use service token

Browse Source 
This patch introduces cinder::keystone::service_user class
to configure parameters to enable service token feature
in Cinder.

Depends-on: https://review.opendev.org/#/c/666467
Change-Id: I79362b30107826e67f0bf6dce9371a24bc3ef2dd
This commit is contained in:
Takashi Kajinami 2019-06-21 10:12:14 +09:00
parent ebebc891fa
commit c978ba07e7
3 changed files with 186 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
manifests/keystone/service_user.pp Normal file
View File

@ -0,0 +1,101 @@
# class: cinder::keystone::service_user
#
# Configure the service_user section in the configuration file
#
# === Parameters
#
# [*username*]
# (Optional) The name of the service user
# Defaults to 'cinder'
#
# [*password*]
# (Optional) Password to create for the service user
# Defaults to $::os_service_default
#
# [*auth_url*]
# (Optional) The URL to use for authentication.
# Defaults to 'http://localhost:5000'.
#
# [*project_name*]
# (Optional) Service project name
# Defaults to 'services'
#
# [*user_domain_name*]
# (Optional) Name of domain for $username
# Defaults to 'Default'
#
# [*project_domain_name*]
# (Optional) Name of domain for $project_name
# Defaults to 'Default'
#
# [*send_service_user_token*]
# (Optional) The service uses service token feature when this is set as true
# Defaults to 'false'
#
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities. WARNING: not recommended. Use with
# caution.
# Defaults to $::os_service_default
#
# [*auth_type*]
# (Optional) Authentication type to load
# Defaults to 'password'
#
# [*auth_version*]
# (Optional) API version of the admin Identity API endpoint.
# Defaults to $::os_service_default.
#
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $::os_service_default.
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
#
# [*region_name*]
# (Optional) The region in which the identity server can be found.
# Defaults to $::os_service_default.
#
class cinder::keystone::service_user(
$username = 'cinder',
$password = $::os_service_default,
$auth_url = 'http://localhost:5000',
$project_name = 'services',
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$send_service_user_token = false,
$insecure = $::os_service_default,
$auth_type = 'password',
$auth_version = $::os_service_default,
$cafile = $::os_service_default,
$certfile = $::os_service_default,
$keyfile = $::os_service_default,
$region_name = $::os_service_default,
) {
include ::cinder::deps
keystone::resource::service_user { 'cinder_config':
username => $username,
password => $password,
project_name => $project_name,
auth_url => $auth_url,
auth_version => $auth_version,
auth_type => $auth_type,
user_domain_name => $user_domain_name,
project_domain_name => $project_domain_name,
send_service_user_token => $send_service_user_token,
insecure => $insecure,
cafile => $cafile,
certfile => $certfile,
keyfile => $keyfile,
region_name => $region_name,
}
}

5
releasenotes/notes/service_token-94dd15b7ee9af228.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
New class, cinder::keystone::service_user, is introduced to configure
parameters to service token feature.

80
spec/classes/cinder_keystone_service_user_spec.rb Normal file
View File

@ -0,0 +1,80 @@
require 'spec_helper'
describe 'cinder::keystone::service_user' do
let :params do
{
:password => 'cinder_password',
}
end
shared_examples 'cinder service_user' do
context 'with default parameters' do
it 'configure service_user' do
is_expected.to contain_cinder_config('service_user/username').with_value('cinder')
is_expected.to contain_cinder_config('service_user/password').with_value('cinder_password')
is_expected.to contain_cinder_config('service_user/auth_url').with_value('http://localhost:5000')
is_expected.to contain_cinder_config('service_user/project_name').with_value('services')
is_expected.to contain_cinder_config('service_user/user_domain_name').with_value('Default')
is_expected.to contain_cinder_config('service_user/project_domain_name').with_value('Default')
is_expected.to contain_cinder_config('service_user/send_service_user_token').with_value(false)
is_expected.to contain_cinder_config('service_user/insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('service_user/auth_type').with_value('password')
is_expected.to contain_cinder_config('service_user/auth_version').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('service_user/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('service_user/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('service_user/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_cinder_config('service_user/region_name').with_value('<SERVICE DEFAULT>')
end
end
context 'when overriding parameters' do
before do
params.merge!({
:username => 'myuser',
:password => 'mypasswd',
:auth_url => 'https://127.0.0.1:5000',
:project_name => 'service_project',
:user_domain_name => 'domainX',
:project_domain_name => 'domainX',
:send_service_user_token => true,
:insecure => false,
:auth_type => 'password',
:auth_version => 'v3',
:cafile => '/opt/stack/data/cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'keyfile',
:region_name => 'region2',
})
end
it 'configure service_user' do
is_expected.to contain_cinder_config('service_user/username').with_value(params[:username])
is_expected.to contain_cinder_config('service_user/password').with_value(params[:password]).with_secret(true)
is_expected.to contain_cinder_config('service_user/auth_url').with_value(params[:auth_url])
is_expected.to contain_cinder_config('service_user/project_name').with_value(params[:project_name])
is_expected.to contain_cinder_config('service_user/user_domain_name').with_value(params[:user_domain_name])
is_expected.to contain_cinder_config('service_user/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_cinder_config('service_user/send_service_user_token').with_value(params[:send_service_user_token])
is_expected.to contain_cinder_config('service_user/insecure').with_value(params[:insecure])
is_expected.to contain_cinder_config('service_user/auth_type').with_value(params[:auth_type])
is_expected.to contain_cinder_config('service_user/auth_version').with_value(params[:auth_version])
is_expected.to contain_cinder_config('service_user/cafile').with_value(params[:cafile])
is_expected.to contain_cinder_config('service_user/certfile').with_value(params[:certfile])
is_expected.to contain_cinder_config('service_user/keyfile').with_value(params[:keyfile])
is_expected.to contain_cinder_config('service_user/region_name').with_value(params[:region_name])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'cinder service_user'
end
end
end