Add support for auth_admin_prefix in glance
Add support for auth_admin_prefix in glance::registry, glance::api & in the glance provider. Change-Id: I646c621f0a42cd987bc409b17066f8ac13556883
This commit is contained in:
parent
202a27b66a
commit
dc98e9bb58
|
@ -9,7 +9,7 @@ class Puppet::Provider::Glance < Puppet::Provider
|
|||
end
|
||||
|
||||
def self.get_glance_credentials
|
||||
if glance_file and glance_file['keystone_authtoken'] and
|
||||
if glance_file and glance_file['keystone_authtoken'] and
|
||||
glance_file['keystone_authtoken']['auth_host'] and
|
||||
glance_file['keystone_authtoken']['auth_port'] and
|
||||
glance_file['keystone_authtoken']['auth_protocol'] and
|
||||
|
@ -21,6 +21,7 @@ class Puppet::Provider::Glance < Puppet::Provider
|
|||
g['auth_host'] = glance_file['keystone_authtoken']['auth_host'].strip
|
||||
g['auth_port'] = glance_file['keystone_authtoken']['auth_port'].strip
|
||||
g['auth_protocol'] = glance_file['keystone_authtoken']['auth_protocol'].strip
|
||||
g['auth_admin_prefix'] = glance_file['keystone_authtoken'].fetch('auth_admin_prefix', '').strip
|
||||
g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip
|
||||
g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip
|
||||
g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip
|
||||
|
@ -40,7 +41,7 @@ class Puppet::Provider::Glance < Puppet::Provider
|
|||
|
||||
def self.get_auth_endpoint
|
||||
g = glance_credentials
|
||||
"#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}/v2.0/"
|
||||
"#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/"
|
||||
end
|
||||
|
||||
def self.glance_file
|
||||
|
|
|
@ -28,6 +28,10 @@
|
|||
# * auth_type - Type is authorization being used. Optional. Defaults to 'keystone'
|
||||
# * auth_host - Host running auth service. Optional. Defaults to '127.0.0.1'.
|
||||
# * auth_port - Port to use for auth service on auth_host. Optional. Defaults to '35357'.
|
||||
# * auth_admin_prefix - (optional) path part of the auth url.
|
||||
# This allow admin auth URIs like http://auth_host:35357/keystone/admin.
|
||||
# (where '/keystone/admin' is auth_admin_prefix)
|
||||
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
|
||||
# * auth_protocol - Protocol to use for auth. Optional. Defaults to 'http'.
|
||||
# * keystone_tenant - tenant to authenticate to. Optioal. Defaults to admin.
|
||||
# * keystone_user User to authenticate as with keystone Optional. Defaults to admin.
|
||||
|
@ -49,6 +53,7 @@ class glance::api(
|
|||
$auth_type = 'keystone',
|
||||
$auth_host = '127.0.0.1',
|
||||
$auth_port = '35357',
|
||||
$auth_admin_prefix = false,
|
||||
$auth_protocol = 'http',
|
||||
$pipeline = 'keystone+cachemanagement',
|
||||
$keystone_tenant = 'admin',
|
||||
|
@ -134,6 +139,17 @@ class glance::api(
|
|||
'keystone_authtoken/protocol': value => $protocol;
|
||||
}
|
||||
|
||||
if $auth_admin_prefix {
|
||||
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
|
||||
glance_api_config {
|
||||
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
|
||||
}
|
||||
} else {
|
||||
glance_api_config {
|
||||
'keystone_authtoken/auth_admin_prefix': ensure => absent;
|
||||
}
|
||||
}
|
||||
|
||||
# keystone config
|
||||
if $auth_type == 'keystone' {
|
||||
glance_api_config {
|
||||
|
|
|
@ -1,3 +1,66 @@
|
|||
# == Class: glance::registry
|
||||
#
|
||||
# Installs and configures glance-registry
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*keystone_password*]
|
||||
# (required) The keystone password for administrative user
|
||||
#
|
||||
# [*verbose*]
|
||||
# (optional) Enable verbose logs (true|false). Defaults to false.
|
||||
#
|
||||
# [*debug*]
|
||||
# (optional) Enable debug logs (true|false). Defaults to false.
|
||||
#
|
||||
# [*bind_host*]
|
||||
# (optional) The address of the host to bind to. Defaults to '0.0.0.0'.
|
||||
#
|
||||
# [*bind_port*]
|
||||
# (optional) The port the server should bind to. Defaults to '9191'.
|
||||
#
|
||||
# [*log_file*]
|
||||
# (optional) Log file for glance-registry.
|
||||
# Defaults to '/var/log/glance/registry.log'.
|
||||
#
|
||||
# [*sql_connection*]
|
||||
# (optional) SQL connection string.
|
||||
# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'.
|
||||
#
|
||||
# [*sql_idle_timeout*]
|
||||
# (optional) SQL connections idle timeout. Defaults to '3600'.
|
||||
#
|
||||
# [*auth_type*]
|
||||
# (optional) Authentication type. Defaults to 'keystone'.
|
||||
#
|
||||
# [*auth_host*]
|
||||
# (optional) Address of the admin authentication endpoint.
|
||||
# Defaults to '127.0.0.1'.
|
||||
#
|
||||
# [*auth_port*]
|
||||
# (optional) Port of the admin authentication endpoint. Defaults to '35357'.
|
||||
#
|
||||
# [*auth_admin_prefix*]
|
||||
# (optional) path part of the auth url.
|
||||
# This allow admin auth URIs like http://auth_host:35357/keystone/admin.
|
||||
# (where '/keystone/admin' is auth_admin_prefix)
|
||||
# Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'.
|
||||
#
|
||||
# [*auth_protocol*]
|
||||
# (optional) Protocol to communicate with the admin authentication endpoint.
|
||||
# Defaults to 'http'. Should be 'http' or 'https'.
|
||||
#
|
||||
# [*keystone_tenant*]
|
||||
# (optional) administrative tenant name to connect to keystone.
|
||||
# Defaults to 'admin'.
|
||||
#
|
||||
# [*keystone_user*]
|
||||
# (optional) administrative user name to connect to keystone.
|
||||
# Defaults to 'admin'.
|
||||
#
|
||||
# [*enabled*]
|
||||
# (optional) Should the service be enabled. Defaults to true.
|
||||
#
|
||||
class glance::registry(
|
||||
$keystone_password,
|
||||
$verbose = false,
|
||||
|
@ -10,6 +73,7 @@ class glance::registry(
|
|||
$auth_type = 'keystone',
|
||||
$auth_host = '127.0.0.1',
|
||||
$auth_port = '35357',
|
||||
$auth_admin_prefix = false,
|
||||
$auth_protocol = 'http',
|
||||
$keystone_tenant = 'admin',
|
||||
$keystone_user = 'admin',
|
||||
|
@ -64,6 +128,17 @@ class glance::registry(
|
|||
'keystone_authtoken/auth_protocol': value => $auth_protocol;
|
||||
}
|
||||
|
||||
if $auth_admin_prefix {
|
||||
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
|
||||
glance_registry_config {
|
||||
'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix;
|
||||
}
|
||||
} else {
|
||||
glance_registry_config {
|
||||
'keystone_authtoken/auth_admin_prefix': ensure => absent;
|
||||
}
|
||||
}
|
||||
|
||||
# keystone config
|
||||
if $auth_type == 'keystone' {
|
||||
glance_registry_config {
|
||||
|
|
|
@ -115,6 +115,7 @@ describe 'glance::api' do
|
|||
should contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
|
||||
end
|
||||
end
|
||||
it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') }
|
||||
|
||||
it 'should configure itself for keystone if that is the auth_type' do
|
||||
if params[:auth_type] == 'keystone'
|
||||
|
@ -134,11 +135,43 @@ describe 'glance::api' do
|
|||
let :params do
|
||||
{
|
||||
:keystone_password => 'ChangeMe',
|
||||
:pipeline => 'keystone',
|
||||
:pipeline => 'keystone',
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_glance_api_config('paste_deploy/flavor').with_value('keystone') }
|
||||
end
|
||||
|
||||
describe 'with overriden auth_admin_prefix' do
|
||||
let :params do
|
||||
{
|
||||
:keystone_password => 'ChangeMe',
|
||||
:auth_admin_prefix => '/keystone/main'
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
|
||||
end
|
||||
|
||||
[
|
||||
'/keystone/',
|
||||
'keystone/',
|
||||
'keystone',
|
||||
'/keystone/admin/',
|
||||
'keystone/admin/',
|
||||
'keystone/admin'
|
||||
].each do |auth_admin_prefix|
|
||||
describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do
|
||||
let :params do
|
||||
{
|
||||
:keystone_password => 'ChangeMe',
|
||||
:auth_admin_prefix => auth_admin_prefix
|
||||
}
|
||||
end
|
||||
|
||||
it { expect { should contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\
|
||||
raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'glance::registry' do
|
||||
|
||||
|
@ -99,6 +98,7 @@ describe 'glance::registry' do
|
|||
].each do |config|
|
||||
should contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern])
|
||||
end
|
||||
should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
|
||||
if param_hash[:auth_type] == 'keystone'
|
||||
should contain_glance_registry_config("paste_deploy/flavor").with_value('keystone')
|
||||
should contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant])
|
||||
|
@ -108,4 +108,36 @@ describe 'glance::registry' do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'with overriden auth_admin_prefix' do
|
||||
let :params do
|
||||
{
|
||||
:keystone_password => 'ChangeMe',
|
||||
:auth_admin_prefix => '/keystone/main'
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') }
|
||||
end
|
||||
|
||||
[
|
||||
'/keystone/',
|
||||
'keystone/',
|
||||
'keystone',
|
||||
'/keystone/admin/',
|
||||
'keystone/admin/',
|
||||
'keystone/admin'
|
||||
].each do |auth_admin_prefix|
|
||||
describe "with auth_admin_prefix_containing incorrect value #{auth_admin_prefix}" do
|
||||
let :params do
|
||||
{
|
||||
:keystone_password => 'ChangeMe',
|
||||
:auth_admin_prefix => auth_admin_prefix
|
||||
}
|
||||
end
|
||||
|
||||
it { expect { should contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\
|
||||
raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue