Merge "Implement class to configure parameters to use service token"
This commit is contained in:
Zuul
Gerrit Code Review
commit
fabf8c9f33
|
|
@ -0,0 +1,101 @@
|
|||
# class: cinder::keystone::service_user
|
||||
#
|
||||
# Configure the service_user section in the configuration file
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*username*]
|
||||
# (Optional) The name of the service user
|
||||
# Defaults to 'cinder'
|
||||
#
|
||||
# [*password*]
|
||||
# (Optional) Password to create for the service user
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_url*]
|
||||
# (Optional) The URL to use for authentication.
|
||||
# Defaults to 'http://localhost:5000'.
|
||||
#
|
||||
# [*project_name*]
|
||||
# (Optional) Service project name
|
||||
# Defaults to 'services'
|
||||
#
|
||||
# [*user_domain_name*]
|
||||
# (Optional) Name of domain for $username
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
# [*project_domain_name*]
|
||||
# (Optional) Name of domain for $project_name
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
# [*send_service_user_token*]
|
||||
# (Optional) The service uses service token feature when this is set as true
|
||||
# Defaults to 'false'
|
||||
#
|
||||
# [*insecure*]
|
||||
# (Optional) If true, explicitly allow TLS without checking server cert
|
||||
# against any certificate authorities. WARNING: not recommended. Use with
|
||||
# caution.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_type*]
|
||||
# (Optional) Authentication type to load
|
||||
# Defaults to 'password'
|
||||
#
|
||||
# [*auth_version*]
|
||||
# (Optional) API version of the admin Identity API endpoint.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*cafile*]
|
||||
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
|
||||
# connections.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*certfile*]
|
||||
# (Optional) Required if identity server requires client certificate
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*keyfile*]
|
||||
# (Optional) Required if identity server requires client certificate
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*region_name*]
|
||||
# (Optional) The region in which the identity server can be found.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
class cinder::keystone::service_user(
|
||||
$username = 'cinder',
|
||||
$password = $::os_service_default,
|
||||
$auth_url = 'http://localhost:5000',
|
||||
$project_name = 'services',
|
||||
$user_domain_name = 'Default',
|
||||
$project_domain_name = 'Default',
|
||||
$send_service_user_token = false,
|
||||
$insecure = $::os_service_default,
|
||||
$auth_type = 'password',
|
||||
$auth_version = $::os_service_default,
|
||||
$cafile = $::os_service_default,
|
||||
$certfile = $::os_service_default,
|
||||
$keyfile = $::os_service_default,
|
||||
$region_name = $::os_service_default,
|
||||
) {
|
||||
|
||||
include ::cinder::deps
|
||||
|
||||
keystone::resource::service_user { 'cinder_config':
|
||||
username => $username,
|
||||
password => $password,
|
||||
project_name => $project_name,
|
||||
auth_url => $auth_url,
|
||||
auth_version => $auth_version,
|
||||
auth_type => $auth_type,
|
||||
user_domain_name => $user_domain_name,
|
||||
project_domain_name => $project_domain_name,
|
||||
send_service_user_token => $send_service_user_token,
|
||||
insecure => $insecure,
|
||||
cafile => $cafile,
|
||||
certfile => $certfile,
|
||||
keyfile => $keyfile,
|
||||
region_name => $region_name,
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
New class, cinder::keystone::service_user, is introduced to configure
|
||||
parameters to service token feature.
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'cinder::keystone::service_user' do
|
||||
let :params do
|
||||
{
|
||||
:password => 'cinder_password',
|
||||
}
|
||||
end
|
||||
|
||||
shared_examples 'cinder service_user' do
|
||||
context 'with default parameters' do
|
||||
it 'configure service_user' do
|
||||
is_expected.to contain_cinder_config('service_user/username').with_value('cinder')
|
||||
is_expected.to contain_cinder_config('service_user/password').with_value('cinder_password')
|
||||
is_expected.to contain_cinder_config('service_user/auth_url').with_value('http://localhost:5000')
|
||||
is_expected.to contain_cinder_config('service_user/project_name').with_value('services')
|
||||
is_expected.to contain_cinder_config('service_user/user_domain_name').with_value('Default')
|
||||
is_expected.to contain_cinder_config('service_user/project_domain_name').with_value('Default')
|
||||
is_expected.to contain_cinder_config('service_user/send_service_user_token').with_value(false)
|
||||
is_expected.to contain_cinder_config('service_user/insecure').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cinder_config('service_user/auth_type').with_value('password')
|
||||
is_expected.to contain_cinder_config('service_user/auth_version').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cinder_config('service_user/cafile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cinder_config('service_user/certfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cinder_config('service_user/keyfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_cinder_config('service_user/region_name').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when overriding parameters' do
|
||||
before do
|
||||
params.merge!({
|
||||
:username => 'myuser',
|
||||
:password => 'mypasswd',
|
||||
:auth_url => 'https://127.0.0.1:5000',
|
||||
:project_name => 'service_project',
|
||||
:user_domain_name => 'domainX',
|
||||
:project_domain_name => 'domainX',
|
||||
:send_service_user_token => true,
|
||||
:insecure => false,
|
||||
:auth_type => 'password',
|
||||
:auth_version => 'v3',
|
||||
:cafile => '/opt/stack/data/cafile.pem',
|
||||
:certfile => 'certfile.crt',
|
||||
:keyfile => 'keyfile',
|
||||
:region_name => 'region2',
|
||||
})
|
||||
end
|
||||
|
||||
it 'configure service_user' do
|
||||
is_expected.to contain_cinder_config('service_user/username').with_value(params[:username])
|
||||
is_expected.to contain_cinder_config('service_user/password').with_value(params[:password]).with_secret(true)
|
||||
is_expected.to contain_cinder_config('service_user/auth_url').with_value(params[:auth_url])
|
||||
is_expected.to contain_cinder_config('service_user/project_name').with_value(params[:project_name])
|
||||
is_expected.to contain_cinder_config('service_user/user_domain_name').with_value(params[:user_domain_name])
|
||||
is_expected.to contain_cinder_config('service_user/project_domain_name').with_value(params[:project_domain_name])
|
||||
is_expected.to contain_cinder_config('service_user/send_service_user_token').with_value(params[:send_service_user_token])
|
||||
is_expected.to contain_cinder_config('service_user/insecure').with_value(params[:insecure])
|
||||
is_expected.to contain_cinder_config('service_user/auth_type').with_value(params[:auth_type])
|
||||
is_expected.to contain_cinder_config('service_user/auth_version').with_value(params[:auth_version])
|
||||
is_expected.to contain_cinder_config('service_user/cafile').with_value(params[:cafile])
|
||||
is_expected.to contain_cinder_config('service_user/certfile').with_value(params[:certfile])
|
||||
is_expected.to contain_cinder_config('service_user/keyfile').with_value(params[:keyfile])
|
||||
is_expected.to contain_cinder_config('service_user/region_name').with_value(params[:region_name])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it_behaves_like 'cinder service_user'
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
Reference in New Issue