Globally support system scope credentials

After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.

Change-Id: I180c00bf826387176427a85319cb254713d40924
This commit is contained in:
Takashi Kajinami 2022-03-04 01:04:54 +09:00
parent 0d9aaa05fd
commit 69df6cf152
17 changed files with 348 additions and 106 deletions

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for connecting to cinder in admin context # (optional) Region name for connecting to cinder in admin context
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -57,18 +61,30 @@ class ironic::cinder (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_override = $::os_service_default, $endpoint_override = $::os_service_default,
) { ) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config { ironic_config {
'cinder/auth_type': value => $auth_type; 'cinder/auth_type': value => $auth_type;
'cinder/username': value => $username; 'cinder/username': value => $username;
'cinder/password': value => $password, secret => true; 'cinder/password': value => $password, secret => true;
'cinder/auth_url': value => $auth_url; 'cinder/auth_url': value => $auth_url;
'cinder/project_name': value => $project_name; 'cinder/project_name': value => $project_name_real;
'cinder/user_domain_name': value => $user_domain_name; 'cinder/user_domain_name': value => $user_domain_name;
'cinder/project_domain_name': value => $project_domain_name; 'cinder/project_domain_name': value => $project_domain_name_real;
'cinder/system_scope': value => $system_scope;
'cinder/region_name': value => $region_name; 'cinder/region_name': value => $region_name;
'cinder/endpoint_override': value => $endpoint_override; 'cinder/endpoint_override': value => $endpoint_override;
} }

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for connecting to glance in admin context # (optional) Region name for connecting to glance in admin context
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -103,6 +107,7 @@ class ironic::glance (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$num_retries = $::os_service_default, $num_retries = $::os_service_default,
$api_insecure = $::os_service_default, $api_insecure = $::os_service_default,
@ -117,6 +122,8 @@ class ironic::glance (
$swift_account_project_name = undef, $swift_account_project_name = undef,
) { ) {
include ironic::deps
if $api_servers { if $api_servers {
warning("The ironic::glance::api_servers parameter is deprecated and \ warning("The ironic::glance::api_servers parameter is deprecated and \
has no effect. Please use ironic::glance::endpoint_override instead.") has no effect. Please use ironic::glance::endpoint_override instead.")
@ -130,14 +137,23 @@ has no effect. Please use ironic::glance::endpoint_override instead.")
fail('swift_account_project_name and swift_account can not be specified in the same time.') fail('swift_account_project_name and swift_account can not be specified in the same time.')
} }
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config { ironic_config {
'glance/auth_type': value => $auth_type; 'glance/auth_type': value => $auth_type;
'glance/username': value => $username; 'glance/username': value => $username;
'glance/password': value => $password, secret => true; 'glance/password': value => $password, secret => true;
'glance/auth_url': value => $auth_url; 'glance/auth_url': value => $auth_url;
'glance/project_name': value => $project_name; 'glance/project_name': value => $project_name_real;
'glance/user_domain_name': value => $user_domain_name; 'glance/user_domain_name': value => $user_domain_name;
'glance/project_domain_name': value => $project_domain_name; 'glance/project_domain_name': value => $project_domain_name_real;
'glance/system_scope': value => $system_scope;
'glance/region_name': value => $region_name; 'glance/region_name': value => $region_name;
'glance/num_retries': value => $num_retries; 'glance/num_retries': value => $num_retries;
'glance/insecure': value => $api_insecure; 'glance/insecure': value => $api_insecure;

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for connecting to ironic in admin context # (optional) Region name for connecting to ironic in admin context
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -65,20 +69,30 @@ class ironic::inspector::ironic (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_override = $::os_service_default, $endpoint_override = $::os_service_default,
$max_retries = $::os_service_default, $max_retries = $::os_service_default,
$retry_interval = $::os_service_default, $retry_interval = $::os_service_default,
) { ) {
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_inspector_config { ironic_inspector_config {
'ironic/auth_type': value => $auth_type; 'ironic/auth_type': value => $auth_type;
'ironic/username': value => $username; 'ironic/username': value => $username;
'ironic/password': value => $password, secret => true; 'ironic/password': value => $password, secret => true;
'ironic/auth_url': value => $auth_url; 'ironic/auth_url': value => $auth_url;
'ironic/project_name': value => $project_name; 'ironic/project_name': value => $project_name_real;
'ironic/user_domain_name': value => $user_domain_name; 'ironic/user_domain_name': value => $user_domain_name;
'ironic/project_domain_name': value => $project_domain_name; 'ironic/project_domain_name': value => $project_domain_name_real;
'ironic/system_scope': value => $system_scope;
'ironic/region_name': value => $region_name; 'ironic/region_name': value => $region_name;
'ironic/endpoint_override': value => $endpoint_override; 'ironic/endpoint_override': value => $endpoint_override;
'ironic/max_retries': value => $max_retries; 'ironic/max_retries': value => $max_retries;

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for accessing Keystone catalog # (optional) Region name for accessing Keystone catalog
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -57,20 +61,30 @@ class ironic::inspector::service_catalog (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_override = $::os_service_default, $endpoint_override = $::os_service_default,
) { ) {
include ironic::deps include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_inspector_config { ironic_inspector_config {
'service_catalog/auth_type': value => $auth_type; 'service_catalog/auth_type': value => $auth_type;
'service_catalog/username': value => $username; 'service_catalog/username': value => $username;
'service_catalog/password': value => $password, secret => true; 'service_catalog/password': value => $password, secret => true;
'service_catalog/auth_url': value => $auth_url; 'service_catalog/auth_url': value => $auth_url;
'service_catalog/project_name': value => $project_name; 'service_catalog/project_name': value => $project_name_real;
'service_catalog/user_domain_name': value => $user_domain_name; 'service_catalog/user_domain_name': value => $user_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name; 'service_catalog/project_domain_name': value => $project_domain_name_real;
'service_catalog/system_scope': value => $system_scope;
'service_catalog/region_name': value => $region_name; 'service_catalog/region_name': value => $region_name;
'service_catalog/endpoint_override': value => $endpoint_override; 'service_catalog/endpoint_override': value => $endpoint_override;
} }

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for connecting to swift in admin context # (optional) Region name for connecting to swift in admin context
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -67,20 +71,30 @@ class ironic::inspector::swift (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_override = $::os_service_default, $endpoint_override = $::os_service_default,
$container = $::os_service_default, $container = $::os_service_default,
$delete_after = $::os_service_default, $delete_after = $::os_service_default,
) { ) {
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_inspector_config { ironic_inspector_config {
'swift/auth_type': value => $auth_type; 'swift/auth_type': value => $auth_type;
'swift/username': value => $username; 'swift/username': value => $username;
'swift/password': value => $password, secret => true; 'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url; 'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name; 'swift/project_name': value => $project_name_real;
'swift/user_domain_name': value => $user_domain_name; 'swift/user_domain_name': value => $user_domain_name;
'swift/project_domain_name': value => $project_domain_name; 'swift/project_domain_name': value => $project_domain_name_real;
'swift/system_scope': value => $system_scope;
'swift/region_name': value => $region_name; 'swift/region_name': value => $region_name;
'swift/endpoint_override': value => $endpoint_override; 'swift/endpoint_override': value => $endpoint_override;
'swift/container': value => $container; 'swift/container': value => $container;

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for connecting to neutron in admin context # (optional) Region name for connecting to neutron in admin context
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -72,6 +76,7 @@ class ironic::neutron (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_override = $::os_service_default, $endpoint_override = $::os_service_default,
$dhcpv6_stateful_address_count = $::os_service_default, $dhcpv6_stateful_address_count = $::os_service_default,
@ -84,14 +89,23 @@ class ironic::neutron (
has no effect. Please use ironic::neutron::endpoint_override instead.") has no effect. Please use ironic::neutron::endpoint_override instead.")
} }
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config { ironic_config {
'neutron/auth_type': value => $auth_type; 'neutron/auth_type': value => $auth_type;
'neutron/username': value => $username; 'neutron/username': value => $username;
'neutron/password': value => $password, secret => true; 'neutron/password': value => $password, secret => true;
'neutron/auth_url': value => $auth_url; 'neutron/auth_url': value => $auth_url;
'neutron/project_name': value => $project_name; 'neutron/project_name': value => $project_name_real;
'neutron/user_domain_name': value => $user_domain_name; 'neutron/user_domain_name': value => $user_domain_name;
'neutron/project_domain_name': value => $project_domain_name; 'neutron/project_domain_name': value => $project_domain_name_real;
'neutron/system_scope': value => $system_scope;
'neutron/region_name': value => $region_name; 'neutron/region_name': value => $region_name;
'neutron/endpoint_override': value => $endpoint_override; 'neutron/endpoint_override': value => $endpoint_override;
'neutron/dhcpv6_stateful_address_count': value => $dhcpv6_stateful_address_count; 'neutron/dhcpv6_stateful_address_count': value => $dhcpv6_stateful_address_count;

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for accessing Keystone catalog # (optional) Region name for accessing Keystone catalog
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -57,20 +61,30 @@ class ironic::service_catalog (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_override = $::os_service_default, $endpoint_override = $::os_service_default,
) { ) {
include ironic::deps include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config { ironic_config {
'service_catalog/auth_type': value => $auth_type; 'service_catalog/auth_type': value => $auth_type;
'service_catalog/username': value => $username; 'service_catalog/username': value => $username;
'service_catalog/password': value => $password, secret => true; 'service_catalog/password': value => $password, secret => true;
'service_catalog/auth_url': value => $auth_url; 'service_catalog/auth_url': value => $auth_url;
'service_catalog/project_name': value => $project_name; 'service_catalog/project_name': value => $project_name_real;
'service_catalog/user_domain_name': value => $user_domain_name; 'service_catalog/user_domain_name': value => $user_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name; 'service_catalog/project_domain_name': value => $project_domain_name_real;
'service_catalog/system_scope': value => $system_scope;
'service_catalog/region_name': value => $region_name; 'service_catalog/region_name': value => $region_name;
'service_catalog/endpoint_override': value => $endpoint_override; 'service_catalog/endpoint_override': value => $endpoint_override;
} }

View File

@ -40,6 +40,10 @@
# The name of project's domain (required for Identity V3). # The name of project's domain (required for Identity V3).
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
#
# [*region_name*] # [*region_name*]
# (optional) Region name for connecting to swift in admin context # (optional) Region name for connecting to swift in admin context
# through the OpenStack Identity service. # through the OpenStack Identity service.
@ -57,18 +61,30 @@ class ironic::swift (
$password = $::os_service_default, $password = $::os_service_default,
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default,
$region_name = $::os_service_default, $region_name = $::os_service_default,
$endpoint_override = $::os_service_default, $endpoint_override = $::os_service_default,
) { ) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
ironic_config { ironic_config {
'swift/auth_type': value => $auth_type; 'swift/auth_type': value => $auth_type;
'swift/username': value => $username; 'swift/username': value => $username;
'swift/password': value => $password, secret => true; 'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url; 'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name; 'swift/project_name': value => $project_name_real;
'swift/user_domain_name': value => $user_domain_name; 'swift/user_domain_name': value => $user_domain_name;
'swift/project_domain_name': value => $project_domain_name; 'swift/project_domain_name': value => $project_domain_name_real;
'swift/system_scope': value => $system_scope;
'swift/region_name': value => $region_name; 'swift/region_name': value => $region_name;
'swift/endpoint_override': value => $endpoint_override; 'swift/endpoint_override': value => $endpoint_override;
} }

View File

@ -0,0 +1,12 @@
---
features:
- |
The new ``system_scope`` parameter has been added to the following classes.
- ``ironic::cinder``
- ``ironic::glance``
- ``ironic::neutron``
- ``ironic::service_catalog``
- ``ironic::swift``
- ``ironic::inspector::ironic``
- ``ironic::inspector::swift``

View File

@ -41,6 +41,7 @@ describe 'ironic::cinder' do
is_expected.to contain_ironic_config('cinder/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('cinder/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('cinder/user_domain_name').with_value('Default') is_expected.to contain_ironic_config('cinder/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('cinder/project_domain_name').with_value('Default') is_expected.to contain_ironic_config('cinder/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('cinder/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('cinder/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('cinder/endpoint_override').with_value('<SERVICE DEFAULT>')
end end
@ -48,15 +49,15 @@ describe 'ironic::cinder' do
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
) )
end end
@ -68,11 +69,24 @@ describe 'ironic::cinder' do
is_expected.to contain_ironic_config('cinder/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('cinder/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('cinder/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_config('cinder/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('cinder/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_config('cinder/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('cinder/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_config('cinder/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('cinder/endpoint_override').with_value(p[:endpoint_override]) is_expected.to contain_ironic_config('cinder/endpoint_override').with_value(p[:endpoint_override])
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('cinder/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('cinder/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({

View File

@ -41,37 +41,38 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('glance/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value('Default') is_expected.to contain_ironic_config('glance/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('glance/project_domain_name').with_value('Default') is_expected.to contain_ironic_config('glance/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('glance/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/insecure').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/num_retries').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/num_retries').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_account').with(:value => '<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/swift_account').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_container').with(:value => '<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/swift_container').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_endpoint_url').with(:value => '<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/swift_endpoint_url').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/swift_temp_url_key').with(:value => '<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('glance/swift_temp_url_key').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('glance/swift_temp_url_duration').with(:value => '<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/swift_temp_url_duration').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('glance/endpoint_override').with_value('<SERVICE DEFAULT>')
end end
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:api_servers => '10.0.0.1:9292', :api_servers => '10.0.0.1:9292',
:api_insecure => true, :api_insecure => true,
:num_retries => 42, :num_retries => 42,
:swift_account => '00000000-0000-0000-0000-000000000000', :swift_account => '00000000-0000-0000-0000-000000000000',
:swift_container => 'glance', :swift_container => 'glance',
:swift_endpoint_url => 'http://example2.com', :swift_endpoint_url => 'http://example2.com',
:swift_temp_url_key => 'the-key', :swift_temp_url_key => 'the-key',
:swift_temp_url_duration => 3600, :swift_temp_url_duration => 3600,
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
) )
end end
@ -83,6 +84,7 @@ describe 'ironic::glance' do
is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('glance/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_config('glance/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_config('glance/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('glance/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_config('glance/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('glance/insecure').with_value(p[:api_insecure]) is_expected.to contain_ironic_config('glance/insecure').with_value(p[:api_insecure])
is_expected.to contain_ironic_config('glance/num_retries').with_value(p[:num_retries]) is_expected.to contain_ironic_config('glance/num_retries').with_value(p[:num_retries])
@ -106,6 +108,18 @@ describe 'ironic::glance' do
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('glance/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('glance/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({

View File

@ -42,6 +42,7 @@ describe 'ironic::inspector::ironic' do
is_expected.to contain_ironic_inspector_config('ironic/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_inspector_config('ironic/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value('<SERVICE DEFAULT>')
@ -51,17 +52,17 @@ describe 'ironic::inspector::ironic' do
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
:max_retries => 30, :max_retries => 30,
:retry_interval => 2, :retry_interval => 2,
) )
end end
@ -73,6 +74,7 @@ describe 'ironic::inspector::ironic' do
is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_inspector_config('ironic/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(p[:endpoint_override]) is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries]) is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(p[:max_retries])
@ -80,6 +82,18 @@ describe 'ironic::inspector::ironic' do
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({

View File

@ -41,6 +41,7 @@ describe 'ironic::inspector::service_catalog' do
is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>')
end end
@ -48,15 +49,15 @@ describe 'ironic::inspector::service_catalog' do
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
) )
end end
@ -68,11 +69,24 @@ describe 'ironic::inspector::service_catalog' do
is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(p[:endpoint_override]) is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(p[:endpoint_override])
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({

View File

@ -42,6 +42,7 @@ describe 'ironic::inspector::swift' do
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('Default') is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('swift/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/container').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('swift/container').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value('<SERVICE DEFAULT>')
@ -50,17 +51,17 @@ describe 'ironic::inspector::swift' do
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
:container => 'mycontainer', :container => 'mycontainer',
:delete_after => 0, :delete_after => 0,
) )
end end
@ -73,12 +74,25 @@ describe 'ironic::inspector::swift' do
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(p[:endpoint_override]) is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_inspector_config('swift/container').with_value(p[:container]) is_expected.to contain_ironic_inspector_config('swift/container').with_value(p[:container])
is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value(0) is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value(0)
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({

View File

@ -41,6 +41,7 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('neutron/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value('Default') is_expected.to contain_ironic_config('neutron/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('Default') is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('neutron/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('neutron/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('neutron/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/dhcpv6_stateful_address_count').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('neutron/dhcpv6_stateful_address_count').with_value('<SERVICE DEFAULT>')
@ -49,16 +50,16 @@ describe 'ironic::neutron' do
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
:dhcpv6_stateful_address_count => 8, :dhcpv6_stateful_address_count => 8,
) )
end end
@ -70,12 +71,25 @@ describe 'ironic::neutron' do
is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('neutron/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('neutron/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_config('neutron/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_config('neutron/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('neutron/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_config('neutron/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('neutron/endpoint_override').with_value(p[:endpoint_override]) is_expected.to contain_ironic_config('neutron/endpoint_override').with_value(p[:endpoint_override])
is_expected.to contain_ironic_config('neutron/dhcpv6_stateful_address_count').with_value(p[:dhcpv6_stateful_address_count]) is_expected.to contain_ironic_config('neutron/dhcpv6_stateful_address_count').with_value(p[:dhcpv6_stateful_address_count])
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('neutron/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('neutron/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({

View File

@ -41,6 +41,7 @@ describe 'ironic::service_catalog' do
is_expected.to contain_ironic_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('service_catalog/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value('Default') is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value('Default') is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>')
end end
@ -48,15 +49,15 @@ describe 'ironic::service_catalog' do
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
) )
end end
@ -68,11 +69,24 @@ describe 'ironic::service_catalog' do
is_expected.to contain_ironic_config('service_catalog/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('service_catalog/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_config('service_catalog/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_config('service_catalog/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('service_catalog/endpoint_override').with_value(p[:endpoint_override]) is_expected.to contain_ironic_config('service_catalog/endpoint_override').with_value(p[:endpoint_override])
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('service_catalog/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('service_catalog/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({

View File

@ -41,6 +41,7 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true) is_expected.to contain_ironic_config('swift/password').with_value('<SERVICE DEFAULT>').with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value('Default') is_expected.to contain_ironic_config('swift/user_domain_name').with_value('Default')
is_expected.to contain_ironic_config('swift/project_domain_name').with_value('Default') is_expected.to contain_ironic_config('swift/project_domain_name').with_value('Default')
is_expected.to contain_ironic_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/region_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('swift/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>') is_expected.to contain_ironic_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>')
end end
@ -48,15 +49,15 @@ describe 'ironic::swift' do
context 'when overriding parameters' do context 'when overriding parameters' do
before :each do before :each do
params.merge!( params.merge!(
:auth_type => 'noauth', :auth_type => 'noauth',
:auth_url => 'http://example.com', :auth_url => 'http://example.com',
:project_name => 'project1', :project_name => 'project1',
:username => 'admin', :username => 'admin',
:password => 'pa$$w0rd', :password => 'pa$$w0rd',
:user_domain_name => 'NonDefault', :user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault', :project_domain_name => 'NonDefault',
:region_name => 'regionTwo', :region_name => 'regionTwo',
:endpoint_override => 'http://example2.com', :endpoint_override => 'http://example2.com',
) )
end end
@ -68,11 +69,24 @@ describe 'ironic::swift' do
is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true) is_expected.to contain_ironic_config('swift/password').with_value(p[:password]).with_secret(true)
is_expected.to contain_ironic_config('swift/user_domain_name').with_value(p[:user_domain_name]) is_expected.to contain_ironic_config('swift/user_domain_name').with_value(p[:user_domain_name])
is_expected.to contain_ironic_config('swift/project_domain_name').with_value(p[:project_domain_name]) is_expected.to contain_ironic_config('swift/project_domain_name').with_value(p[:project_domain_name])
is_expected.to contain_ironic_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/region_name').with_value(p[:region_name]) is_expected.to contain_ironic_config('swift/region_name').with_value(p[:region_name])
is_expected.to contain_ironic_config('swift/endpoint_override').with_value(p[:endpoint_override]) is_expected.to contain_ironic_config('swift/endpoint_override').with_value(p[:endpoint_override])
end end
end end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_config('swift/system_scope').with_value('all')
end
end
end end
on_supported_os({ on_supported_os({