diff --git a/manifests/ec2authtoken.pp b/manifests/ec2authtoken.pp
new file mode 100644
index 00000000..1ed769d6
--- /dev/null
+++ b/manifests/ec2authtoken.pp
@@ -0,0 +1,125 @@
+# class: heat::ec2authtoken
+#
+# Configure the ec2authtoken section in the configuration file
+#
+# === Parameters
+#
+# [*password*]
+# (Required) Password for connecting to Keystone services
+#
+# [*username*]
+# (Optional) The name of the service user
+# Defaults to 'heat'
+#
+# [*auth_url*]
+# (Optional) The URL to use for authentication.
+# Defaults to 'http://127.0.0.1:5000'
+#
+# [*project_name*]
+# (Optional) Service project name
+# Defaults to 'services'
+#
+# [*user_domain_name*]
+# (Optional) Name of domain for $username
+# Defaults to 'Default'
+#
+# [*project_domain_name*]
+# (Optional) Name of domain for $project_name
+# Defaults to 'Default'
+#
+# [*system_scope*]
+# (Optional) Scope for system operations
+# Defaults to $facts['os_service_default']
+#
+# [*auth_type*]
+# (Optional) Authentication type to load
+# Defaults to 'password'
+#
+# [*insecure*]
+# (Optional) If true, explicitly allow TLS without checking server cert
+# against any certificate authorities. WARNING: not recommended. Use with
+# caution.
+# Defaults to $facts['os_service_default']
+#
+# [*cafile*]
+# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
+# connections.
+# Defaults to $facts['os_service_default'].
+#
+# [*certfile*]
+# (Optional) Required if identity server requires client certificate
+# Defaults to $facts['os_service_default'].
+#
+# [*keyfile*]
+# (Optional) Required if identity server requires client certificate
+# Defaults to $facts['os_service_default'].
+#
+# [*region_name*]
+# (Optional) The region in which the identity server can be found.
+# Defaults to $facts['os_service_default'].
+#
+# [*valid_interfaces*]
+# (Optional) List of interfaces, in order of preference, for endpoint URL.
+# Defaults to $facts['os_service_default'].
+#
+# [*service_name*]
+# (Optional) The name of the service as it appears in the service catalog.
+# Defaults to $facts['os_service_default'].
+#
+# [*service_type*]
+# (Optional) The type of the service as it appears in the service catalog.
+# Defaults to $facts['os_service_default'].
+#
+# [*timeout*]
+# (Optional) Timeout value for http requests .
+# Defaults to $facts['os_service_default'].
+#
+class heat::ec2authtoken (
+ String[1] $password,
+ $username = 'heat',
+ $auth_url = 'http://127.0.0.1:5000',
+ $project_name = 'services',
+ $user_domain_name = 'Default',
+ $project_domain_name = 'Default',
+ $system_scope = $facts['os_service_default'],
+ $auth_type = 'password',
+ $insecure = $facts['os_service_default'],
+ $cafile = $facts['os_service_default'],
+ $certfile = $facts['os_service_default'],
+ $keyfile = $facts['os_service_default'],
+ $region_name = $facts['os_service_default'],
+ $valid_interfaces = $facts['os_service_default'],
+ $service_name = $facts['os_service_default'],
+ $service_type = $facts['os_service_default'],
+ $timeout = $facts['os_service_default'],
+) {
+ include heat::deps
+
+ if is_service_default($system_scope) {
+ $project_name_real = $project_name
+ $project_domain_name_real = $project_domain_name
+ } else {
+ $project_name_real = $facts['os_service_default']
+ $project_domain_name_real = $facts['os_service_default']
+ }
+
+ heat_config {
+ 'ec2authtoken/password': value => $password, secret => true;
+ 'ec2authtoken/username': value => $username;
+ 'ec2authtoken/auth_url': value => $auth_url;
+ 'ec2authtoken/project_name': value => $project_name_real;
+ 'ec2authtoken/user_domain_name': value => $user_domain_name;
+ 'ec2authtoken/project_domain_name': value => $project_domain_name_real;
+ 'ec2authtoken/system_scope': value => $system_scope;
+ 'ec2authtoken/auth_type': value => $auth_type;
+ 'ec2authtoken/insecure': value => $insecure;
+ 'ec2authtoken/cafile': value => $cafile;
+ 'ec2authtoken/certfile': value => $certfile;
+ 'ec2authtoken/keyfile': value => $keyfile;
+ 'ec2authtoken/region_name': value => $region_name;
+ 'ec2authtoken/valid_interfaces': value => join(any2array($valid_interfaces), ',');
+ 'ec2authtoken/service_name': value => $service_name;
+ 'ec2authtoken/service_type': value => $service_type;
+ 'ec2authtoken/timeout': value => $timeout;
+ }
+}
diff --git a/releasenotes/notes/ec2authtoken-b6d4c6b6d40fbc16.yaml b/releasenotes/notes/ec2authtoken-b6d4c6b6d40fbc16.yaml
new file mode 100644
index 00000000..8004a197
--- /dev/null
+++ b/releasenotes/notes/ec2authtoken-b6d4c6b6d40fbc16.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ The new ``heat::ec2authtoken`` class has been added.
diff --git a/spec/classes/heat_ec2authtoken_spec.rb b/spec/classes/heat_ec2authtoken_spec.rb
new file mode 100644
index 00000000..8fa7077f
--- /dev/null
+++ b/spec/classes/heat_ec2authtoken_spec.rb
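Review bot: In `manifests/ec2authtoken.pp`, the `[*auth_url*]` doc entry and its default `http://127.0.0.1:5000` say nothing about transport security, although the class writes the service password into the same `ec2authtoken` section. An operator who overrides only the host keeps plaintext HTTP for password authentication against a remote Keystone. I would extend the `[*auth_url*]` entry with `# Use an https:// URL (and set *cafile* for a private CA) when Keystone is not on the loopback interface.` Separately, `$password` is the only typed parameter, so `$insecure` and `$timeout` reach `heat_config` unvalidated. Giving `$insecure` a type that accepts only a boolean or the service default would catch a mistyped value at compile time instead of writing it into the config file.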
@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+describe 'heat::ec2authtoken' do
+ shared_examples 'heat::ec2authtoken' do
+ let :params do
+ {
+ :password => 'heat_password',
+ }
+ end
+
+ context 'with defaults' do
+ it 'configures defaults' do
+ is_expected.to contain_heat_config('ec2authtoken/password').with_value('heat_password').with_secret(true)
+ is_expected.to contain_heat_config('ec2authtoken/username').with_value('heat')
+ is_expected.to contain_heat_config('ec2authtoken/auth_url').with_value('http://127.0.0.1:5000')
+ is_expected.to contain_heat_config('ec2authtoken/project_name').with_value('services')
+ is_expected.to contain_heat_config('ec2authtoken/project_domain_name').with_value('Default')
+ is_expected.to contain_heat_config('ec2authtoken/user_domain_name').with_value('Default')
+ is_expected.to contain_heat_config('ec2authtoken/system_scope').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/auth_type').with_value('password')
+ is_expected.to contain_heat_config('ec2authtoken/insecure').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/cafile').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/certfile').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/keyfile').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/region_name').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/valid_interfaces').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/service_name').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/service_type').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/timeout').with_value('')
+ end
+ end
+
+ context 'with parameters' do
+ before :each do
+ params.merge!({
+ :username => 'alt_heat',
+ :auth_url => 'http://localhost:5000',
+ :project_name => 'alt_services',
+ :project_domain_name => 'ProjectDomain',
+ :user_domain_name => 'UserDomain',
+ :auth_type => 'v3password',
+ :insecure => false,
+ :cafile => 'cafile.pem',
+ :certfile => 'certfile.crt',
+ :keyfile => 'keyfile',
+ :region_name => 'regionOne',
+ :valid_interfaces => ['internal', 'public'],
+ :service_name => 'keystone',
+ :service_type => 'identity',
+ :timeout => 60,
+ })
+ end
+
+ it 'configures client parameters' do
+ is_expected.to contain_heat_config('ec2authtoken/password').with_value('heat_password').with_secret(true)
+ is_expected.to contain_heat_config('ec2authtoken/username').with_value('alt_heat')
+ is_expected.to contain_heat_config('ec2authtoken/auth_url').with_value('http://localhost:5000')
+ is_expected.to contain_heat_config('ec2authtoken/project_name').with_value('alt_services')
+ is_expected.to contain_heat_config('ec2authtoken/project_domain_name').with_value('ProjectDomain')
+ is_expected.to contain_heat_config('ec2authtoken/user_domain_name').with_value('UserDomain')
+ is_expected.to contain_heat_config('ec2authtoken/system_scope').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/auth_type').with_value('v3password')
+ is_expected.to contain_heat_config('ec2authtoken/insecure').with_value(false)
+ is_expected.to contain_heat_config('ec2authtoken/cafile').with_value('cafile.pem')
+ is_expected.to contain_heat_config('ec2authtoken/certfile').with_value('certfile.crt')
+ is_expected.to contain_heat_config('ec2authtoken/keyfile').with_value('keyfile')
+ is_expected.to contain_heat_config('ec2authtoken/region_name').with_value('regionOne')
+ is_expected.to contain_heat_config('ec2authtoken/valid_interfaces').with_value('internal,public')
+ is_expected.to contain_heat_config('ec2authtoken/service_name').with_value('keystone')
+ is_expected.to contain_heat_config('ec2authtoken/service_type').with_value('identity')
+ is_expected.to contain_heat_config('ec2authtoken/timeout').with_value(60)
+ end
+ end
+
+ context 'with system scope' do
+ before :each do
+ params.merge!({
+ :system_scope => 'all',
+ })
+ end
+
+ it 'configures system scope credential' do
+ is_expected.to contain_heat_config('ec2authtoken/project_name').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/project_domain_name').with_value('')
+ is_expected.to contain_heat_config('ec2authtoken/system_scope').with_value('all')
+ end
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_behaves_like 'heat::ec2authtoken'
+ end
+ end
+end
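Review bot: No example in `spec/classes/heat_ec2authtoken_spec.rb` exercises the only validation the manifest performs, `String[1] $password`. Every context inherits `:password => 'heat_password'` from the shared `let :params`, so a later change that lets an empty or missing service password through would still pass this spec. I would add a context that overrides the params with `:password => ''` and asserts `it { is_expected.to compile.and_raise_error(/password/) }`. The 'with system scope' context also checks only three keys; repeating the `ec2authtoken/password` expectation with `with_secret(true)` there would confirm the credential stays marked secret on that path.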