diff --git a/manifests/keystone/glare_auth.pp b/manifests/keystone/glare_auth.pp new file mode 100644 index 00000000..a5e2432b --- /dev/null +++ b/manifests/keystone/glare_auth.pp @@ -0,0 +1,104 @@ +# == Class: glance::keystone::glare_auth +# +# Sets up glare users, service and endpoint for Glance Glare +# +# == Parameters: +# +# [*password*] +# Password for glare user. Required. +# +# [*email*] +# Email for glance user. Optional. Defaults to 'glare@localhost'. +# +# [*auth_name*] +# Username for glare service. Optional. Defaults to 'glare'. +# +# [*configure_endpoint*] +# Should glare endpoint be configured? Optional. Defaults to 'true'. +# +# [*configure_user*] +# Should the service user be configured? Optional. Defaults to 'true'. +# +# [*configure_user_role*] +# Should the admin role be configured for the service user? +# Optional. Defaults to 'true'. +# +# [*service_name*] +# Name of the service. Optional. +# Defaults to 'Glance Artifacts'. +# +# [*service_type*] +# Type of service. Optional. Defaults to 'artifact'. +# +# [*service_description*] +# Description for keystone service. Optional. Defaults to 'Glance Artifact Service'. +# +# [*region*] +# Region for endpoint. Optional. Defaults to 'RegionOne'. +# +# [*tenant*] +# Tenant for glare user. Optional. Defaults to 'services'. +# +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:9494') +# This url should *not* contain any trailing '/'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:9494') +# This url should *not* contain any trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:9494') +# This url should *not* contain any trailing '/'. +# +# === Examples +# +# class { 'glance::keystone::glare_auth': +# public_url => 'https://10.0.0.10:9494', +# internal_url => 'https://10.0.0.11:9494', +# admin_url => 'https://10.0.0.11:9494', +# } +# +class glance::keystone::glare_auth( + $password, + $email = 'glare@localhost', + $auth_name = 'glare', + $configure_endpoint = true, + $configure_user = true, + $configure_user_role = true, + $service_name = 'Glance Artifacts', + $service_type = 'artifact', + $region = 'RegionOne', + $tenant = 'services', + $service_description = 'Glance Artifact Service', + $public_url = 'http://127.0.0.1:9494', + $admin_url = 'http://127.0.0.1:9494', + $internal_url = 'http://127.0.0.1:9494', +) { + + $real_service_name = pick($service_name, $auth_name) + + if $configure_endpoint { + Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~> Service<| title == 'glance-glare' |> + } + + keystone::resource::service_identity { $auth_name: + configure_user => $configure_user, + configure_user_role => $configure_user_role, + configure_endpoint => $configure_endpoint, + service_type => $service_type, + service_description => $service_description, + service_name => $real_service_name, + region => $region, + password => $password, + email => $email, + tenant => $tenant, + public_url => $public_url, + admin_url => $admin_url, + internal_url => $internal_url, + } + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> Service<| title == 'glance-glare' |> + } +} diff --git a/spec/acceptance/basic_glance_spec.rb b/spec/acceptance/basic_glance_spec.rb index eb3f620c..a327006a 100644 --- a/spec/acceptance/basic_glance_spec.rb +++ b/spec/acceptance/basic_glance_spec.rb @@ -21,6 +21,9 @@ describe 'glance class' do class { '::glance::keystone::auth': password => 'a_big_secret', } + class { '::glance::keystone::glare_auth': + password => 'a_big_secret', + } class { '::glance::api': database_connection => 'mysql+pymysql://glance:a_big_secret@127.0.0.1/glance?charset=utf8', verbose => false, diff --git a/spec/classes/glance_keystone_glare_auth_spec.rb b/spec/classes/glance_keystone_glare_auth_spec.rb new file mode 100644 index 00000000..2e338104 --- /dev/null +++ b/spec/classes/glance_keystone_glare_auth_spec.rb @@ -0,0 +1,172 @@ +require 'spec_helper' + +describe 'glance::keystone::glare_auth' do + + shared_examples_for 'glance::keystone::glare_auth' do + describe 'with defaults' do + + let :params do + {:password => 'pass'} + end + + it { is_expected.to contain_keystone_user('glare').with( + :ensure => 'present', + :password => 'pass' + )} + + it { is_expected.to contain_keystone_user_role('glare@services').with( + :ensure => 'present', + :roles => ['admin'] + ) } + + it { is_expected.to contain_keystone_service('Glance Artifacts::artifact').with( + :ensure => 'present', + :description => 'Glance Artifact Service' + ) } + + it { is_expected.to contain_keystone_endpoint('RegionOne/Glance Artifacts::artifact').with( + :ensure => 'present', + :public_url => 'http://127.0.0.1:9494', + :admin_url => 'http://127.0.0.1:9494', + :internal_url => 'http://127.0.0.1:9494' + )} + + end + + describe 'when auth_type, password, and service_type are overridden' do + + let :params do + { + :auth_name => 'glarey', + :password => 'password', + :service_type => 'glarey' + } + end + + it { is_expected.to contain_keystone_user('glarey').with( + :ensure => 'present', + :password => 'password' + )} + + it { is_expected.to contain_keystone_user_role('glarey@services').with( + :ensure => 'present', + :roles => ['admin'] + ) } + + it { is_expected.to contain_keystone_service('Glance Artifacts::glarey').with( + :ensure => 'present', + :description => 'Glance Artifact Service' + ) } + + end + + describe 'when overriding endpoint URLs' do + let :params do + { :password => 'passw0rd', + :region => 'RegionTwo', + :public_url => 'https://10.10.10.10:82/v2', + :internal_url => 'https://10.10.10.11:82/v2', + :admin_url => 'https://10.10.10.12:82/v2' } + end + + it { is_expected.to contain_keystone_endpoint('RegionTwo/Glance Artifacts::artifact').with( + :ensure => 'present', + :public_url => 'https://10.10.10.10:82/v2', + :internal_url => 'https://10.10.10.11:82/v2', + :admin_url => 'https://10.10.10.12:82/v2' + ) } + end + + describe 'when endpoint is not set' do + + let :params do + { + :configure_endpoint => false, + :password => 'pass', + } + end + + it { is_expected.to_not contain_keystone_endpoint('RegionOne/Glance Artifacts::artifact') } + end + + describe 'when disabling user configuration' do + let :params do + { + :configure_user => false, + :password => 'pass', + } + end + + it { is_expected.to_not contain_keystone_user('glare') } + + it { is_expected.to contain_keystone_user_role('glare@services') } + + it { is_expected.to contain_keystone_service('Glance Artifacts::artifact').with( + :ensure => 'present', + :description => 'Glance Artifact Service' + ) } + end + + describe 'when disabling user and user role configuration' do + let :params do + { + :configure_user => false, + :configure_user_role => false, + :password => 'pass', + } + end + + it { is_expected.to_not contain_keystone_user('glare') } + + it { is_expected.to_not contain_keystone_user_role('glare@services') } + + it { is_expected.to contain_keystone_service('Glance Artifacts::artifact').with( + :ensure => 'present', + :description => 'Glance Artifact Service' + ) } + end + + describe 'when configuring glance-glare and the keystone endpoint' do + let :pre_condition do + "class { 'glance::glare': keystone_password => 'test' }" + end + + let :params do + { + :password => 'test', + :configure_endpoint => true + } + end + + it { is_expected.to contain_keystone_endpoint('RegionOne/Glance Artifacts::artifact').with_notify(["Service[glance-glare]"]) } + end + + describe 'when overriding service name' do + + let :params do + { + :service_name => 'glance_service', + :password => 'pass' + } + end + + it { is_expected.to contain_keystone_user('glare') } + it { is_expected.to contain_keystone_user_role('glare@services') } + it { is_expected.to contain_keystone_service('glance_service::artifact') } + it { is_expected.to contain_keystone_endpoint('RegionOne/glance_service::artifact') } + + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_configures 'glance::keystone::glare_auth' + end + end +end