Make user creation optional when creating service.
In some cases it is useful to configure only the service in Keystone and not the service user, e.g. when a read-only LDAP backend is used. Added parameters configure_user and configure_user_role (both default to true). Change-Id: If9bb802ff2bb0b3ece55f36df773059ba9c7e9de Closes-Bug: 1360232
parent
78042d76c0
commit
246842f13c
@ -6,6 +6,9 @@
|
|||||||
# $auth_name :: identifier used for all keystone objects related to glance.
|
# $auth_name :: identifier used for all keystone objects related to glance.
|
||||||
# Optional. Defaults to glance.
|
# Optional. Defaults to glance.
|
||||||
# $password :: password for glance user. Optional. Defaults to glance_password.
|
# $password :: password for glance user. Optional. Defaults to glance_password.
|
||||||
|
# $configure_user :: Whether to configure a service user. Optional. Defaults to true.
|
||||||
|
# $configure_user_role :: Whether to configure the admin role for the service user.
|
||||||
|
# Optional. Defaults to true.
|
||||||
# $service_name :: name of the service. Optional. Defaults to value of auth_name.
|
# $service_name :: name of the service. Optional. Defaults to value of auth_name.
|
||||||
# $service_type :: type of service to create. Optional. Defaults to image.
|
# $service_type :: type of service to create. Optional. Defaults to image.
|
||||||
# $public_address :: Public address for endpoint. Optional. Defaults to 127.0.0.1.
|
# $public_address :: Public address for endpoint. Optional. Defaults to 127.0.0.1.
|
||||||
@ -20,20 +23,22 @@
|
|||||||
#
|
#
|
||||||
class glance::keystone::auth(
|
class glance::keystone::auth(
|
||||||
$password,
|
$password,
|
||||||
$email = 'glance@localhost',
|
$email = 'glance@localhost',
|
||||||
$auth_name = 'glance',
|
$auth_name = 'glance',
|
||||||
$configure_endpoint = true,
|
$configure_endpoint = true,
|
||||||
$service_name = undef,
|
$configure_user = true,
|
||||||
$service_type = 'image',
|
$configure_user_role = true,
|
||||||
$public_address = '127.0.0.1',
|
$service_name = undef,
|
||||||
$admin_address = '127.0.0.1',
|
$service_type = 'image',
|
||||||
$internal_address = '127.0.0.1',
|
$public_address = '127.0.0.1',
|
||||||
$port = '9292',
|
$admin_address = '127.0.0.1',
|
||||||
$region = 'RegionOne',
|
$internal_address = '127.0.0.1',
|
||||||
$tenant = 'services',
|
$port = '9292',
|
||||||
$public_protocol = 'http',
|
$region = 'RegionOne',
|
||||||
$admin_protocol = 'http',
|
$tenant = 'services',
|
||||||
$internal_protocol = 'http'
|
$public_protocol = 'http',
|
||||||
|
$admin_protocol = 'http',
|
||||||
|
$internal_protocol = 'http'
|
||||||
) {
|
) {
|
||||||
|
|
||||||
if $service_name == undef {
|
if $service_name == undef {
|
||||||
@ -42,20 +47,25 @@ class glance::keystone::auth(
|
|||||||
$real_service_name = $service_name
|
$real_service_name = $service_name
|
||||||
}
|
}
|
||||||
|
|
||||||
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-registry' |>
|
|
||||||
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-api' |>
|
|
||||||
Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'glance-api' |>
|
Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'glance-api' |>
|
||||||
|
|
||||||
keystone_user { $auth_name:
|
if $configure_user {
|
||||||
ensure => present,
|
keystone_user { $auth_name:
|
||||||
password => $password,
|
ensure => present,
|
||||||
email => $email,
|
password => $password,
|
||||||
tenant => $tenant,
|
email => $email,
|
||||||
|
tenant => $tenant,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
keystone_user_role { "${auth_name}@${tenant}":
|
if $configure_user_role {
|
||||||
ensure => present,
|
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-registry' |>
|
||||||
roles => 'admin',
|
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-api' |>
|
||||||
|
|
||||||
|
keystone_user_role { "${auth_name}@${tenant}":
|
||||||
|
ensure => present,
|
||||||
|
roles => 'admin',
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
keystone_service { $real_service_name:
|
keystone_service { $real_service_name:
|
||||||
|
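Review bot: With `configure_user => false` and `configure_user_role` left at its default of true, the `keystone_user_role { "${auth_name}@${tenant}": ... roles => 'admin' }` block in the third hunk still grants `admin` to an account this class no longer creates, so the grant goes to whichever identity the external backend holds under that name. The header comment should say so, for example `# $configure_user_role :: Whether to grant the admin role to the service user, even when the user itself is managed outside this class.` Neither flag is type-checked and any non-empty string, including `'false'`, is truthy in Puppet, so a quoted value from Hiera or an ENC would silently keep both the user and the admin grant; if puppetlabs-stdlib is available to this module, `validate_bool($configure_user)` and `validate_bool($configure_user_role)` at the top of the class body would catch that. `$password` also remains a mandatory parameter with no default although nothing reads it when `$configure_user` is false, which the parameter docs should state so operators do not supply a real secret there.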
@ -98,6 +98,45 @@ describe 'glance::keystone::auth' do
|
|||||||
it { should_not contain_keystone_endpoint('glance') }
|
it { should_not contain_keystone_endpoint('glance') }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'when disabling user configuration' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:configure_user => false,
|
||||||
|
:password => 'pass',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_keystone_user('glance') }
|
||||||
|
|
||||||
|
it { should contain_keystone_user_role('glance@services') }
|
||||||
|
|
||||||
|
it { should contain_keystone_service('glance').with(
|
||||||
|
:ensure => 'present',
|
||||||
|
:type => 'image',
|
||||||
|
:description => 'Openstack Image Service'
|
||||||
|
) }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'when disabling user and user role configuration' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:configure_user => false,
|
||||||
|
:configure_user_role => false,
|
||||||
|
:password => 'pass',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_keystone_user('glance') }
|
||||||
|
|
||||||
|
it { should_not contain_keystone_user_role('glance@services') }
|
||||||
|
|
||||||
|
it { should contain_keystone_service('glance').with(
|
||||||
|
:ensure => 'present',
|
||||||
|
:type => 'image',
|
||||||
|
:description => 'Openstack Image Service'
|
||||||
|
) }
|
||||||
|
end
|
||||||
|
|
||||||
describe 'when configuring glance-api and the keystone endpoint' do
|
describe 'when configuring glance-api and the keystone endpoint' do
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class { 'glance::api': keystone_password => 'test' }"
|
"class { 'glance::api': keystone_password => 'test' }"
|
||||||
|
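Review bot: The two new contexts cover `configure_user => false` on its own and both flags set to false, but not `configure_user_role => false` with the user still managed, which is the combination that leaves a service account without the admin grant. A third context next to the two added ones would pin that the role resource is dropped while the user is kept. The visible hunk also does not assert that the `~> Service` notifications disappear when the role is disabled; whether a later context covers that cannot be seen from here.

```ruby
  describe 'when disabling user role configuration only' do
    let :params do
      {
        :configure_user_role => false,
        :password            => 'pass',
      }
    end

    it { should contain_keystone_user('glance') }

    it { should_not contain_keystone_user_role('glance@services') }
  end
```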