Globally support system scope credentials

After spending huge effort to understand the exact requirements for
enforcing SRBAC, we learned that it is very difficult to determine the
scope required for each credential. Doing so requires understanding both
the client-side and the server-side implementation, and the requirements
might differ according to the deployment architecture or the features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials in all places
where a keystone user credential is defined, and makes all credential
configurations consistent.

Change-Id: I180c00bf826387176427a85319cb254713d40924
Takashi Kajinami 2022-03-04 01:04:54 +09:00
parent 0d9aaa05fd
commit 69df6cf152
17 changed files with 348 additions and 106 deletions


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for connecting to cinder in admin context
# through the OpenStack Identity service.
@ -57,18 +61,30 @@ class ironic::cinder (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config {
'cinder/auth_type': value => $auth_type;
'cinder/username': value => $username;
'cinder/password': value => $password, secret => true;
'cinder/auth_url': value => $auth_url;
'cinder/project_name': value => $project_name;
'cinder/project_name': value => $project_name_real;
'cinder/user_domain_name': value => $user_domain_name;
'cinder/project_domain_name': value => $project_domain_name;
'cinder/project_domain_name': value => $project_domain_name_real;
'cinder/system_scope': value => $system_scope;
'cinder/region_name': value => $region_name;
'cinder/endpoint_override': value => $endpoint_override;
}
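Review bot: The `[*system_scope*]` doc block says only "Scope for system operations", but the new `if is_service_default($system_scope)` branch replaces `cinder/project_name` and `cinder/project_domain_name` with the service default whenever the parameter is set, so an explicitly passed `project_name` is dropped without any message. Because this switches the service credential from project scope to system scope, the doc should say so, for example `# (Optional) Scope for system operations. When set, project_name and project_domain_name are ignored and the credential is system-scoped.` It would also help to name the accepted value, since the specs in this commit only ever pass `'all'` and the manifest writes whatever string it is given. The same doc block and branch are added to ironic::glance, ironic::neutron, ironic::service_catalog, ironic::swift and the three ironic::inspector classes. The class header and the rest of the parameter docs lie outside the shown hunks.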


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for connecting to glance in admin context
# through the OpenStack Identity service.
@ -103,6 +107,7 @@ class ironic::glance (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$num_retries = $::os_service_default,
$api_insecure = $::os_service_default,
@ -117,6 +122,8 @@ class ironic::glance (
$swift_account_project_name = undef,
) {
include ironic::deps
if $api_servers {
warning("The ironic::glance::api_servers parameter is deprecated and \
has no effect. Please use ironic::glance::endpoint_override instead.")
@ -130,14 +137,23 @@ has no effect. Please use ironic::glance::endpoint_override instead.")
fail('swift_account_project_name and swift_account can not be specified in the same time.')
}
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config {
'glance/auth_type': value => $auth_type;
'glance/username': value => $username;
'glance/password': value => $password, secret => true;
'glance/auth_url': value => $auth_url;
'glance/project_name': value => $project_name;
'glance/project_name': value => $project_name_real;
'glance/user_domain_name': value => $user_domain_name;
'glance/project_domain_name': value => $project_domain_name;
'glance/project_domain_name': value => $project_domain_name_real;
'glance/system_scope': value => $system_scope;
'glance/region_name': value => $region_name;
'glance/num_retries': value => $num_retries;
'glance/insecure': value => $api_insecure;


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for connecting to ironic in admin context
# through the OpenStack Identity service.
@ -65,20 +69,30 @@ class ironic::inspector::ironic (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
$max_retries = $::os_service_default,
$retry_interval = $::os_service_default,
) {
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_inspector_config {
'ironic/auth_type': value => $auth_type;
'ironic/username': value => $username;
'ironic/password': value => $password, secret => true;
'ironic/auth_url': value => $auth_url;
'ironic/project_name': value => $project_name;
'ironic/project_name': value => $project_name_real;
'ironic/user_domain_name': value => $user_domain_name;
'ironic/project_domain_name': value => $project_domain_name;
'ironic/project_domain_name': value => $project_domain_name_real;
'ironic/system_scope': value => $system_scope;
'ironic/region_name': value => $region_name;
'ironic/endpoint_override': value => $endpoint_override;
'ironic/max_retries': value => $max_retries;


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for accessing Keystone catalog
# through the OpenStack Identity service.
@ -57,20 +61,30 @@ class ironic::inspector::service_catalog (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_inspector_config {
'service_catalog/auth_type': value => $auth_type;
'service_catalog/username': value => $username;
'service_catalog/password': value => $password, secret => true;
'service_catalog/auth_url': value => $auth_url;
'service_catalog/project_name': value => $project_name;
'service_catalog/project_name': value => $project_name_real;
'service_catalog/user_domain_name': value => $user_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name_real;
'service_catalog/system_scope': value => $system_scope;
'service_catalog/region_name': value => $region_name;
'service_catalog/endpoint_override': value => $endpoint_override;
}
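Review bot: The release note added in this commit lists seven classes that gain `system_scope` and leaves out `ironic::inspector::service_catalog`, although this class receives the parameter and the same project-reset branch here. An operator reading the note to find every credential that can now be made system-scoped would miss the `service_catalog` section of the inspector configuration. Add an entry for `ironic::inspector::service_catalog` next to `ironic::inspector::ironic` in the `features` list.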


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for connecting to swift in admin context
# through the OpenStack Identity service.
@ -67,20 +71,30 @@ class ironic::inspector::swift (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
$container = $::os_service_default,
$delete_after = $::os_service_default,
) {
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_inspector_config {
'swift/auth_type': value => $auth_type;
'swift/username': value => $username;
'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name;
'swift/project_name': value => $project_name_real;
'swift/user_domain_name': value => $user_domain_name;
'swift/project_domain_name': value => $project_domain_name;
'swift/project_domain_name': value => $project_domain_name_real;
'swift/system_scope': value => $system_scope;
'swift/region_name': value => $region_name;
'swift/endpoint_override': value => $endpoint_override;
'swift/container': value => $container;


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for connecting to neutron in admin context
# through the OpenStack Identity service.
@ -72,6 +76,7 @@ class ironic::neutron (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
$dhcpv6_stateful_address_count = $::os_service_default,
@ -84,14 +89,23 @@ class ironic::neutron (
has no effect. Please use ironic::neutron::endpoint_override instead.")
}
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config {
'neutron/auth_type': value => $auth_type;
'neutron/username': value => $username;
'neutron/password': value => $password, secret => true;
'neutron/auth_url': value => $auth_url;
'neutron/project_name': value => $project_name;
'neutron/project_name': value => $project_name_real;
'neutron/user_domain_name': value => $user_domain_name;
'neutron/project_domain_name': value => $project_domain_name;
'neutron/project_domain_name': value => $project_domain_name_real;
'neutron/system_scope': value => $system_scope;
'neutron/region_name': value => $region_name;
'neutron/endpoint_override': value => $endpoint_override;
'neutron/dhcpv6_stateful_address_count': value => $dhcpv6_stateful_address_count;


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for accessing Keystone catalog
# through the OpenStack Identity service.
@ -57,20 +61,30 @@ class ironic::service_catalog (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config {
'service_catalog/auth_type': value => $auth_type;
'service_catalog/username': value => $username;
'service_catalog/password': value => $password, secret => true;
'service_catalog/auth_url': value => $auth_url;
'service_catalog/project_name': value => $project_name;
'service_catalog/project_name': value => $project_name_real;
'service_catalog/user_domain_name': value => $user_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name_real;
'service_catalog/system_scope': value => $system_scope;
'service_catalog/region_name': value => $region_name;
'service_catalog/endpoint_override': value => $endpoint_override;
}


@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3).
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*]
# (optional) Region name for connecting to swift in admin context
# through the OpenStack Identity service.
@ -57,18 +61,30 @@ class ironic::swift (
$password = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default,
$endpoint_override = $::os_service_default,
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config {
'swift/auth_type': value => $auth_type;
'swift/username': value => $username;
'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name;
'swift/project_name': value => $project_name_real;
'swift/user_domain_name': value => $user_domain_name;
'swift/project_domain_name': value => $project_domain_name;
'swift/project_domain_name': value => $project_domain_name_real;
'swift/system_scope': value => $system_scope;
'swift/region_name': value => $region_name;
'swift/endpoint_override': value => $endpoint_override;
}


@ -0,0 +1,12 @@
---
features:
- |
The new ``system_scope`` parameter has been added to the following classes.
- ``ironic::cinder``
- ``ironic::glance``
- ``ironic::neutron``
- ``ironic::service_catalog``
- ``ironic::swift``
- ``ironic::inspector::ironic``
- ``ironic::inspector::swift``


@ -41,6 +41,7 @@ describe 'ironic::cinder' do
is_expected.to contain_ironic_config('cinder/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('cinder/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('cinder/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('cinder/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/endpoint_override').with_value('<SERVICE DEFAULT>')
end
@ -48,15 +49,15 @@ describe 'ironic::cinder' do
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
)
end
@ -68,11 +69,24 @@ describe 'ironic::cinder' do
is_expected.to contain_ironic_config('cinder/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('cinder/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('cinder/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('cinder/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('cinder/endpoint_override').with_value(p[:endpoint_override])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('cinder/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/system_scope').with_value('all')
end
end
end
on_supported_os({
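Review bot: The new 'when system_scope is set' context merges only `:system_scope => 'all'` into the existing params, so no example pins what happens when a caller passes `project_name` or `project_domain_name` together with `system_scope`. Extending that `params.merge!` with `:project_name => 'project1', :project_domain_name => 'NonDefault'` would leave the three assertions as they are and show that explicit project values are discarded rather than written next to a system scope. The context also does not check that `cinder/user_domain_name` is still written, which the manifest keeps for system-scoped credentials. The same context is copied into the glance, neutron, service_catalog and inspector specs; the describe block starts and ends outside the shown hunks.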


@ -41,37 +41,38 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('glance/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('glance/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/num_retries').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_account').with(:value => '<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_container').with(:value => '<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_endpoint_url').with(:value => '<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_temp_url_key').with(:value => '<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/swift_temp_url_duration').with(:value => '<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_account').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_container').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_endpoint_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_temp_url_key').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/swift_temp_url_duration').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/endpoint_override').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:api_servers => '10.0.0.1:9292',
:api_insecure => true,
:num_retries => 42,
:swift_account => '00000000-0000-0000-0000-000000000000',
:swift_container => 'glance',
:swift_endpoint_url => 'http://example2.com',
:swift_temp_url_key => 'the-key',
:swift_temp_url_duration => 3600,
:endpoint_override => 'http://example2.com',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:api_servers => '10.0.0.1:9292',
:api_insecure => true,
:num_retries => 42,
:swift_account => '00000000-0000-0000-0000-000000000000',
:swift_container => 'glance',
:swift_endpoint_url => 'http://example2.com',
:swift_temp_url_key => 'the-key',
:swift_temp_url_duration => 3600,
:endpoint_override => 'http://example2.com',
)
end
@ -83,6 +84,7 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('glance/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('glance/insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/num_retries').with_value(p[:num_retries])
@ -106,6 +108,18 @@ describe 'ironic::glance' do
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('glance/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/system_scope').with_value('all')
end
end
end
on_supported_os({


@ -42,6 +42,7 @@ describe 'ironic::inspector::ironic' do
is_expected.to contain_ironic_inspector_config('ironic/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value('<SERVICE DEFAULT>')
@ -51,17 +52,17 @@ describe 'ironic::inspector::ironic' do
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:max_retries => 30,
:retry_interval => 2,
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:max_retries => 30,
:retry_interval => 2,
)
end
@ -73,6 +74,7 @@ describe 'ironic::inspector::ironic' do
is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries])
@ -80,6 +82,18 @@ describe 'ironic::inspector::ironic' do
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('all')
end
end
end
on_supported_os({


@ -41,6 +41,7 @@ describe 'ironic::inspector::service_catalog' do
is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>')
end
@ -48,15 +49,15 @@ describe 'ironic::inspector::service_catalog' do
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
)
end
@ -68,11 +69,24 @@ describe 'ironic::inspector::service_catalog' do
is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(p[:endpoint_override])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('all')
end
end
end
on_supported_os({


@ -42,6 +42,7 @@ describe 'ironic::inspector::swift' do
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/container').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value('<SERVICE DEFAULT>')
@ -50,17 +51,17 @@ describe 'ironic::inspector::swift' do
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:container => 'mycontainer',
:delete_after => 0,
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:container => 'mycontainer',
:delete_after => 0,
)
end
@ -73,12 +74,25 @@ describe 'ironic::inspector::swift' do
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_inspector_config('swift/container').with_value(p[:container])
is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value(0)
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('all')
end
end
end
on_supported_os({


@ -41,6 +41,7 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('neutron/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/dhcpv6_stateful_address_count').with_value('<SERVICE DEFAULT>')
@ -49,16 +50,16 @@ describe 'ironic::neutron' do
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:dhcpv6_stateful_address_count => 8,
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:dhcpv6_stateful_address_count => 8,
)
end
@ -70,12 +71,25 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('neutron/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('neutron/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_config('neutron/dhcpv6_stateful_address_count').with_value(p[:dhcpv6_stateful_address_count])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/system_scope').with_value('all')
end
end
end
on_supported_os({


@ -41,6 +41,7 @@ describe 'ironic::service_catalog' do
is_expected.to contain_ironic_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>')
end
@ -48,15 +49,15 @@ describe 'ironic::service_catalog' do
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
)
end
@ -68,11 +69,24 @@ describe 'ironic::service_catalog' do
is_expected.to contain_ironic_config('service_catalog/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('service_catalog/endpoint_override').with_value(p[:endpoint_override])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/system_scope').with_value('all')
end
end
end
on_supported_os({
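Review bot: The new 'when system_scope is set' context merges only `:system_scope => 'all'`, so it never covers a caller who also passes an explicit project scope. The assertions on `service_catalog/project_name` and `service_catalog/project_domain_name` therefore only show that the class defaults are replaced, not that a configured project is kept out of a system-scoped credential. Assuming the manifest uses the same `is_service_default($system_scope)` branch as the other credential classes in this commit, the merge should be `params.merge!(:system_scope => 'all', :project_name => 'project1', :project_domain_name => 'NonDefault')` with the three expectations left as they are. The same gap is in the matching contexts of the `ironic::neutron` and `ironic::swift` specs, and the enclosing `describe` block starts and ends outside these hunks.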


@ -41,6 +41,7 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('swift/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>')
end
@ -48,15 +49,15 @@ describe 'ironic::swift' do
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:password => 'pa$$w0rd',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
)
end
@ -68,11 +69,24 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('swift/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('swift/endpoint_override').with_value(p[:endpoint_override])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/system_scope').with_value('all')
end
end
end
on_supported_os({