OPENSTACK_KEYSTONE_BACKEND should be configurable

In local_settings.py.erb, OPENSTACK_KEYSTONE_BACKEND is hardcoded.

We needed a new parameter in the module in order to change this to be
configurable.

Change-Id: I3f0859cd0e73012f444191797afc076beb68d7e9
Closes-Bug: #1575227
This commit is contained in:
Marcos Fermin Lobo 2016-07-11 17:06:08 +02:00 committed by Denis Egorenko
parent 8c593974bf
commit 7385841442
4 changed files with 45 additions and 7 deletions

View File

@ -109,6 +109,16 @@
# 'enable_backup': Boolean to enable or disable Cinders's backup feature.
# Defaults to False.
#
# [*keystone_options*]
# (optional) A hash of parameters to enable features specific to
# Keystone. These include:
# 'name': String
# 'can_edit_user': Boolean
# 'can_edit_group': Boolean
# 'can_edit_project': Boolean
# 'can_edit_domain': Boolean
# 'can_edit_role': Boolean
#
# [*neutron_options*]
# (optional) A hash of parameters to enable features specific to
# Neutron. These include:
@ -330,6 +340,7 @@ class horizon(
$compress_offline = true,
$hypervisor_options = {},
$cinder_options = {},
$keystone_options = {},
$neutron_options = {},
$file_upload_temp_dir = '/tmp',
$policy_files_path = undef,
@ -386,6 +397,18 @@ class horizon(
'enable_backup' => false,
}
# Default options for the OPENSTACK_KEYSTONE_BACKEND section. These will
# be merged with user-provided options when the local_settings.py.erb
# template is interpolated.
$keystone_defaults = {
'name' => 'native',
'can_edit_user' => true,
'can_edit_group' => true,
'can_edit_project' => true,
'can_edit_domain' => true,
'can_edit_role' => true,
}
# Default options for the OPENSTACK_NEUTRON_NETWORK section. These will
# be merged with user-provided options when the local_settings.py.erb
# template is interpolated.
@ -404,6 +427,7 @@ class horizon(
$hypervisor_options_real = merge($hypervisor_defaults,$hypervisor_options)
$cinder_options_real = merge($cinder_defaults,$cinder_options)
$keystone_options_real = merge($keystone_defaults, $keystone_options)
$neutron_options_real = merge($neutron_defaults,$neutron_options)
validate_hash($api_versions)

View File

@ -106,6 +106,7 @@ describe 'horizon' do
:compress_offline => false,
:hypervisor_options => {'can_set_mount_point' => false, 'can_set_password' => true },
:cinder_options => {'enable_backup' => true },
:keystone_options => {'name' => 'native', 'can_edit_user' => true, 'can_edit_group' => true, 'can_edit_project' => true, 'can_edit_domain' => false, 'can_edit_role' => false},
:neutron_options => {'enable_lb' => true, 'enable_firewall' => true, 'enable_quotas' => false, 'enable_security_group' => false, 'enable_vpn' => true,
'enable_distributed_router' => false, 'enable_ha_router' => false, 'profile_support' => 'cisco',
'supported_provider_types' => ['flat', 'vxlan'], 'supported_vnic_types' => ['*'], 'default_ipv4_subnet_pool_label' => 'None', },
@ -144,6 +145,14 @@ describe 'horizon' do
'OPENSTACK_KEYSTONE_URL = "https://keystone.example.com:4682"',
'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "SwiftOperator"',
'OPENSTACK_SSL_NO_VERIFY = True',
"OPENSTACK_KEYSTONE_BACKEND = {",
" 'name': 'native',",
" 'can_edit_user': True,",
" 'can_edit_group': True,",
" 'can_edit_project': True,",
" 'can_edit_domain': False,",
" 'can_edit_role': False,",
"}",
" 'can_set_mount_point': False,",
" 'can_set_password': True,",
" 'enable_backup': True,",

View File

@ -12,7 +12,7 @@ end
def verify_concat_fragment_contents(subject, title, expected_lines)
content = subject.resource('concat::fragment', title).send(:parameters)[:content]
expect(content.split("\n") & expected_lines).to eq(expected_lines)
expect(expected_lines & content.split("\n")).to eq(expected_lines)
end
at_exit { RSpec::Puppet::Coverage.report! }

View File

@ -269,14 +269,19 @@ OPENSTACK_SSL_NO_VERIFY = True
# can_edit_user to False and name to 'ldap'.
#
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
<% if @keystone_options_real.kind_of?(Hash) %>
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
<% @keystone_options_real.sort.each do |opt_name,opt_val| -%>
<%- if opt_val == true or opt_val == false -%>
'<%= opt_name -%>': <%= opt_val.to_s.capitalize -%>,
<%- elsif opt_val == 'None' -%>
'<%= opt_name -%>': None,
<%- else -%>
'<%= opt_name -%>': '<%= opt_val -%>',
<%-end-%>
<% end -%>
}
<% end -%>
# Setting this to True, will add a new "Retrieve Password" action on instance,
# allowing Admin session password retrieval/decryption.