2012-01-02 15:39:23 -08:00
require 'spec_helper'
describe 'keystone' do
2014-07-17 16:22:34 -06:00
let :global_facts do
{
:processorcount = > 42 ,
:concat_basedir = > '/var/lib/puppet/concat' ,
:fqdn = > 'some.host.tld'
}
end
2012-10-14 14:16:47 -07:00
let :facts do
2015-11-21 03:24:54 +00:00
@default_facts . merge ( global_facts . merge ( {
2014-07-17 16:22:34 -06:00
:osfamily = > 'Debian' ,
:operatingsystem = > 'Debian' ,
2015-01-23 11:29:22 -07:00
:operatingsystemrelease = > '7.0' ,
:processorcount = > '1'
2015-11-21 03:24:54 +00:00
} ) )
2012-10-14 14:16:47 -07:00
end
2014-07-17 16:22:34 -06:00
default_params = {
2015-06-22 15:41:02 -06:00
'admin_token' = > 'service_token' ,
'package_ensure' = > 'present' ,
'client_package_ensure' = > 'present' ,
'public_bind_host' = > '0.0.0.0' ,
'admin_bind_host' = > '0.0.0.0' ,
'public_port' = > '5000' ,
'admin_port' = > '35357' ,
'verbose' = > false ,
'debug' = > false ,
2015-08-07 16:04:13 +03:00
'use_stderr' = > true ,
2015-06-22 15:41:02 -06:00
'catalog_type' = > 'sql' ,
'catalog_driver' = > false ,
2016-01-12 17:37:48 +08:00
'token_provider' = > 'uuid' ,
'token_driver' = > 'sql' ,
'revoke_driver' = > 'sql' ,
2015-10-27 15:48:53 +02:00
'revoke_by_id' = > true ,
2015-06-22 15:41:02 -06:00
'cache_dir' = > '/var/cache/keystone' ,
2015-12-30 11:30:56 -07:00
'memcache_servers' = > '<SERVICE DEFAULT>' ,
'cache_backend' = > '<SERVICE DEFAULT>' ,
'cache_backend_argument' = > '<SERVICE DEFAULT>' ,
'cache_enabled' = > '<SERVICE DEFAULT>' ,
'cache_memcache_servers' = > '<SERVICE DEFAULT>' ,
2015-06-22 15:41:02 -06:00
'enable_ssl' = > false ,
'ssl_certfile' = > '/etc/keystone/ssl/certs/keystone.pem' ,
'ssl_keyfile' = > '/etc/keystone/ssl/private/keystonekey.pem' ,
'ssl_ca_certs' = > '/etc/keystone/ssl/certs/ca.pem' ,
'ssl_ca_key' = > '/etc/keystone/ssl/private/cakey.pem' ,
'ssl_cert_subject' = > '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost' ,
'enabled' = > true ,
'manage_service' = > true ,
'database_connection' = > 'sqlite:////var/lib/keystone/keystone.db' ,
'database_idle_timeout' = > '200' ,
2016-02-15 14:53:33 -07:00
'enable_pki_setup' = > false ,
2015-06-22 15:41:02 -06:00
'signing_certfile' = > '/etc/keystone/ssl/certs/signing_cert.pem' ,
'signing_keyfile' = > '/etc/keystone/ssl/private/signing_key.pem' ,
'signing_ca_certs' = > '/etc/keystone/ssl/certs/ca.pem' ,
'signing_ca_key' = > '/etc/keystone/ssl/private/cakey.pem' ,
2015-11-27 20:29:05 +00:00
'rabbit_host' = > '<SERVICE DEFAULT>' ,
'rabbit_password' = > '<SERVICE DEFAULT>' ,
'rabbit_userid' = > '<SERVICE DEFAULT>' ,
'rabbit_heartbeat_timeout_threshold' = > '<SERVICE DEFAULT>' ,
'rabbit_heartbeat_rate' = > '<SERVICE DEFAULT>' ,
2015-06-22 15:41:02 -06:00
'admin_workers' = > 20 ,
'public_workers' = > 20 ,
2016-02-15 15:17:47 -05:00
'paste_config' = > '<SERVICE DEFAULT>' ,
2015-06-22 15:41:02 -06:00
'sync_db' = > true ,
2012-01-02 15:39:23 -08:00
}
2014-07-17 16:22:34 -06:00
override_params = {
2015-06-22 15:41:02 -06:00
'package_ensure' = > 'latest' ,
'client_package_ensure' = > 'latest' ,
'public_bind_host' = > '0.0.0.0' ,
'admin_bind_host' = > '0.0.0.0' ,
'public_port' = > '5001' ,
'admin_port' = > '35358' ,
'admin_token' = > 'service_token_override' ,
'verbose' = > true ,
'debug' = > true ,
2015-08-07 16:04:13 +03:00
'use_stderr' = > false ,
2015-06-22 15:41:02 -06:00
'catalog_type' = > 'template' ,
2016-01-12 17:37:48 +08:00
'token_provider' = > 'uuid' ,
'token_driver' = > 'kvs' ,
'revoke_driver' = > 'kvs' ,
2015-10-27 15:48:53 +02:00
'revoke_by_id' = > false ,
2015-06-22 15:41:02 -06:00
'public_endpoint' = > 'https://localhost:5000/v2.0/' ,
'admin_endpoint' = > 'https://localhost:35357/v2.0/' ,
'enable_ssl' = > true ,
'ssl_certfile' = > '/etc/keystone/ssl/certs/keystone.pem' ,
'ssl_keyfile' = > '/etc/keystone/ssl/private/keystonekey.pem' ,
'ssl_ca_certs' = > '/etc/keystone/ssl/certs/ca.pem' ,
'ssl_ca_key' = > '/etc/keystone/ssl/private/cakey.pem' ,
'ssl_cert_subject' = > '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost' ,
'enabled' = > false ,
'manage_service' = > true ,
'database_connection' = > 'mysql://a:b@c/d' ,
'database_idle_timeout' = > '300' ,
'enable_pki_setup' = > true ,
'signing_certfile' = > '/etc/keystone/ssl/certs/signing_cert.pem' ,
'signing_keyfile' = > '/etc/keystone/ssl/private/signing_key.pem' ,
'signing_ca_certs' = > '/etc/keystone/ssl/certs/ca.pem' ,
'signing_ca_key' = > '/etc/keystone/ssl/private/cakey.pem' ,
'rabbit_host' = > '127.0.0.1' ,
'rabbit_password' = > 'openstack' ,
'rabbit_userid' = > 'admin' ,
'rabbit_heartbeat_timeout_threshold' = > '60' ,
'rabbit_heartbeat_rate' = > '10' ,
2015-06-30 14:30:02 +03:00
'rabbit_ha_queues' = > true ,
2015-06-22 15:41:02 -06:00
'default_domain' = > 'other_domain' ,
2016-02-15 15:17:47 -05:00
'paste_config' = > '/usr/share/keystone/keystone-paste.ini' ,
2015-09-01 16:06:39 +02:00
'using_domain_config' = > false
2012-01-02 15:39:23 -08:00
}
2014-07-17 16:22:34 -06:00
httpd_params = { 'service_name' = > 'httpd' } . merge ( default_params )
shared_examples_for 'core keystone examples' do | param_hash |
2015-09-25 15:18:32 +02:00
it { is_expected . to contain_class ( 'keystone::logging' ) }
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_class ( 'keystone::params' ) }
2014-07-17 16:22:34 -06:00
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_package ( 'keystone' ) . with (
2015-02-05 20:26:43 -07:00
'ensure' = > param_hash [ 'package_ensure' ] ,
2015-07-22 15:10:25 +02:00
'tag' = > [ 'openstack' , 'keystone-package' ] ,
2014-07-17 16:22:34 -06:00
) }
2015-08-06 17:41:01 +03:00
it { is_expected . to contain_class ( 'keystone::client' ) . with (
2015-02-17 11:02:50 -07:00
'ensure' = > param_hash [ 'client_package_ensure' ] ,
) }
2015-05-06 16:32:05 +02:00
it 'should synchronize the db if $sync_db is true' do
if param_hash [ 'sync_db' ]
2015-03-15 16:32:35 +01:00
is_expected . to contain_exec ( 'keystone-manage db_sync' ) . with (
2015-07-08 13:38:00 -06:00
:command = > 'keystone-manage db_sync' ,
2014-07-17 16:22:34 -06:00
:user = > 'keystone' ,
:refreshonly = > true ,
2016-02-23 18:31:15 -07:00
:subscribe = > [ 'Anchor[keystone::install::end]' ,
'Anchor[keystone::config::end]' ,
'Anchor[keystone::dbsync::begin]' ] ,
:notify = > 'Anchor[keystone::dbsync::end]' ,
2014-07-17 16:22:34 -06:00
)
2012-01-02 15:39:23 -08:00
end
2014-07-17 16:22:34 -06:00
end
2012-01-02 15:39:23 -08:00
2016-02-25 13:54:12 -05:00
it 'should bootstrap $enable_bootstrap is true' do
if param_hash [ 'enable_bootstrap' ]
is_expected . to contain_exec ( 'keystone-manage bootstrap' ) . with (
:command = > 'keystone-manage bootstrap --bootstrap-password service_token' ,
:user = > 'keystone' ,
:refreshonly = > true
)
end
end
2014-07-17 16:22:34 -06:00
it 'should contain correct config' do
[
'public_bind_host' ,
'admin_bind_host' ,
'public_port' ,
'admin_port' ,
'verbose' ,
2015-08-07 16:04:13 +03:00
'debug' ,
'use_stderr'
2014-07-17 16:22:34 -06:00
] . each do | config |
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( " DEFAULT/ #{ config } " ) . with_value ( param_hash [ config ] )
2012-01-02 15:39:23 -08:00
end
2014-07-17 16:22:34 -06:00
end
2012-01-02 15:39:23 -08:00
2014-07-17 16:22:34 -06:00
it 'should contain correct admin_token config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'DEFAULT/admin_token' ) . with_value ( param_hash [ 'admin_token' ] ) . with_secret ( true )
2014-07-17 16:22:34 -06:00
end
2012-04-05 16:58:36 -07:00
2014-07-17 16:22:34 -06:00
it 'should contain correct mysql config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'database/idle_timeout' ) . with_value ( param_hash [ 'database_idle_timeout' ] )
is_expected . to contain_keystone_config ( 'database/connection' ) . with_value ( param_hash [ 'database_connection' ] ) . with_secret ( true )
2014-07-17 16:22:34 -06:00
end
2012-01-02 15:39:23 -08:00
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'token/provider' ) . with_value (
2014-07-17 16:22:34 -06:00
param_hash [ 'token_provider' ]
) }
2012-04-05 16:58:36 -07:00
2014-07-17 16:22:34 -06:00
it 'should contain correct token driver' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'token/driver' ) . with_value ( param_hash [ 'token_driver' ] )
2014-07-17 16:22:34 -06:00
end
2015-03-02 09:27:27 -07:00
it 'should contain correct revoke driver' do
2015-07-20 15:57:55 +02:00
is_expected . to contain_keystone_config ( 'revoke/driver' ) . with_value ( param_hash [ 'revoke_driver' ] )
2015-03-02 09:27:27 -07:00
end
2015-10-27 15:48:53 +02:00
it 'should contain default revoke_by_id value ' do
is_expected . to contain_keystone_config ( 'token/revoke_by_id' ) . with_value ( param_hash [ 'revoke_by_id' ] )
end
2016-02-15 15:17:47 -05:00
it 'should contain default paste_config' do
is_expected . to contain_keystone_config ( 'paste_deploy/config_file' ) . with_value ( param_hash [ 'paste_config' ] )
end
2014-07-17 16:22:34 -06:00
it 'should ensure proper setting of admin_endpoint and public_endpoint' do
if param_hash [ 'admin_endpoint' ]
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'DEFAULT/admin_endpoint' ) . with_value ( param_hash [ 'admin_endpoint' ] )
2014-07-17 16:22:34 -06:00
else
2015-11-27 20:29:05 +00:00
is_expected . to contain_keystone_config ( 'DEFAULT/admin_endpoint' ) . with_value ( '<SERVICE DEFAULT>' )
2012-10-13 20:54:37 -07:00
end
2014-07-17 16:22:34 -06:00
if param_hash [ 'public_endpoint' ]
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'DEFAULT/public_endpoint' ) . with_value ( param_hash [ 'public_endpoint' ] )
2014-07-17 16:22:34 -06:00
else
2015-11-27 20:29:05 +00:00
is_expected . to contain_keystone_config ( 'DEFAULT/public_endpoint' ) . with_value ( '<SERVICE DEFAULT>' )
2014-07-17 16:22:34 -06:00
end
end
it 'should contain correct rabbit_password' do
2015-06-22 15:41:02 -06:00
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/rabbit_password' ) . with_value ( param_hash [ 'rabbit_password' ] ) . with_secret ( true )
end
it 'should contain correct rabbit heartbeat configuration' do
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/heartbeat_timeout_threshold' ) . with_value ( param_hash [ 'rabbit_heartbeat_timeout_threshold' ] )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/heartbeat_rate' ) . with_value ( param_hash [ 'rabbit_heartbeat_rate' ] )
2014-07-17 16:22:34 -06:00
end
2014-11-24 11:37:52 +13:00
it 'should remove max_token_size param by default' do
2015-11-27 20:29:05 +00:00
is_expected . to contain_keystone_config ( 'DEFAULT/max_token_size' ) . with_value ( '<SERVICE DEFAULT>' )
2014-11-24 11:37:52 +13:00
end
2015-01-23 11:29:22 -07:00
it 'should ensure proper setting of admin_workers and public_workers' do
if param_hash [ 'admin_workers' ]
2015-09-10 21:41:54 -06:00
is_expected . to contain_keystone_config ( 'eventlet_server/admin_workers' ) . with_value ( param_hash [ 'admin_workers' ] )
2015-01-23 11:29:22 -07:00
else
2015-09-10 21:41:54 -06:00
is_expected . to contain_keystone_config ( 'eventlet_server/admin_workers' ) . with_value ( '2' )
2015-01-23 11:29:22 -07:00
end
if param_hash [ 'public_workers' ]
2015-09-10 21:41:54 -06:00
is_expected . to contain_keystone_config ( 'eventlet_server/public_workers' ) . with_value ( param_hash [ 'public_workers' ] )
2015-01-23 11:29:22 -07:00
else
2015-09-10 21:41:54 -06:00
is_expected . to contain_keystone_config ( 'eventlet_server/public_workers' ) . with_value ( '2' )
2015-01-23 11:29:22 -07:00
end
end
2015-04-17 15:21:41 -06:00
2015-06-30 14:30:02 +03:00
it 'should ensure rabbit_ha_queues' do
if param_hash [ 'rabbit_ha_queues' ]
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/rabbit_ha_queues' ) . with_value ( param_hash [ 'rabbit_ha_queues' ] )
else
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/rabbit_ha_queues' ) . with_value ( false )
end
end
2015-04-17 15:21:41 -06:00
if param_hash [ 'default_domain' ]
it { is_expected . to contain_keystone_domain ( param_hash [ 'default_domain' ] ) . with ( :is_default = > true ) }
2015-07-24 14:24:37 -04:00
it { is_expected . to contain_anchor ( 'default_domain_created' ) }
2015-04-17 15:21:41 -06:00
end
2014-07-17 16:22:34 -06:00
end
[ default_params , override_params ] . each do | param_hash |
describe " when #{ param_hash == default_params ? " using default " : " specifying " } class parameters for service " do
let :params do
param_hash
end
it_configures 'core keystone examples' , param_hash
2012-01-02 15:39:23 -08:00
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_service ( 'keystone' ) . with (
2014-08-25 14:52:37 +02:00
'ensure' = > ( param_hash [ 'manage_service' ] && param_hash [ 'enabled' ] ) ? 'running' : 'stopped' ,
2012-06-18 10:46:01 -07:00
'enable' = > param_hash [ 'enabled' ] ,
2013-05-09 23:17:08 -04:00
'hasstatus' = > true ,
2015-07-22 15:10:25 +02:00
'hasrestart' = > true ,
'tag' = > 'keystone-service' ,
2012-01-02 15:39:23 -08:00
) }
2016-02-23 18:31:15 -07:00
it { is_expected . to contain_anchor ( 'keystone::service::end' ) }
2015-07-13 15:09:12 -04:00
2014-07-17 16:22:34 -06:00
end
end
2013-03-13 09:18:36 -07:00
2014-10-13 13:27:32 +02:00
shared_examples_for " when using default class parameters for httpd " do
2014-07-17 16:22:34 -06:00
let :params do
httpd_params
end
2013-08-13 19:14:27 +00:00
2014-07-17 16:22:34 -06:00
let :pre_condition do
2016-02-23 18:31:15 -07:00
'include ::keystone::wsgi::apache'
2014-07-17 16:22:34 -06:00
end
2014-03-03 23:37:36 -05:00
2014-07-17 16:22:34 -06:00
it_configures 'core keystone examples' , httpd_params
2014-06-11 13:26:52 +02:00
2014-07-17 16:22:34 -06:00
it do
expect {
2015-07-20 15:57:55 +02:00
is_expected . to contain_service ( platform_parameters [ :service_name ] ) . with ( 'ensure' = > 'running' )
2014-10-13 13:27:32 +02:00
} . to raise_error ( RSpec :: Expectations :: ExpectationNotMetError , / expected that the catalogue would contain Service \ [ #{ platform_parameters [ :service_name ] } \ ] / )
2013-03-13 09:18:36 -07:00
end
2014-07-17 16:22:34 -06:00
2015-07-20 15:57:55 +02:00
it { is_expected . to contain_class ( 'keystone::service' ) . with (
2014-10-13 13:27:32 +02:00
'ensure' = > 'stopped' ,
'service_name' = > platform_parameters [ :service_name ] ,
'enable' = > false ,
'validate' = > false
) }
2016-02-23 18:31:15 -07:00
it { is_expected . to contain_service ( 'httpd' ) . with_before ( / Anchor \ [keystone::service::end \ ] / ) }
2015-12-10 22:46:17 -08:00
it { is_expected . to contain_exec ( 'restart_keystone' ) . with (
'command' = > " service #{ platform_parameters [ :httpd_service_name ] } restart " ,
) }
2014-10-13 13:27:32 +02:00
end
describe 'when using invalid service name for keystone' do
let ( :params ) { { 'service_name' = > 'foo' } . merge ( default_params ) }
it_raises 'a Puppet::Error' , / Invalid service_name /
2013-03-13 09:18:36 -07:00
end
2014-02-10 14:26:27 -05:00
2014-08-25 14:52:37 +02:00
describe 'with disabled service managing' do
let :params do
{ :admin_token = > 'service_token' ,
:manage_service = > false ,
:enabled = > false }
end
it { is_expected . to contain_service ( 'keystone' ) . with (
'ensure' = > nil ,
'enable' = > false ,
'hasstatus' = > true ,
'hasrestart' = > true
) }
2016-02-23 18:31:15 -07:00
it { is_expected . to contain_anchor ( 'keystone::service::end' ) }
2014-08-25 14:52:37 +02:00
end
2014-02-10 14:26:27 -05:00
describe 'when configuring signing token provider' do
2013-03-13 09:18:36 -07:00
describe 'when configuring as UUID' do
let :params do
{
2013-09-10 15:34:34 -04:00
'admin_token' = > 'service_token' ,
'token_provider' = > 'keystone.token.providers.uuid.Provider'
2013-03-13 09:18:36 -07:00
}
end
2014-09-23 12:09:28 -07:00
2016-02-15 14:53:33 -07:00
describe 'pki_setup is disabled by default' do
2015-03-15 16:32:35 +01:00
it { is_expected . to_not contain_exec ( 'keystone-manage pki_setup' ) }
2016-02-18 10:24:55 -07:00
it { is_expected . to_not contain_file ( '/var/cache/keystone' ) . with_ensure ( 'directory' ) }
2014-09-23 12:09:28 -07:00
end
2013-03-13 09:18:36 -07:00
end
2014-02-10 14:26:27 -05:00
2013-03-13 09:18:36 -07:00
describe 'when configuring as PKI' do
let :params do
{
2016-02-15 14:53:33 -07:00
'enable_pki_setup' = > true ,
'admin_token' = > 'service_token' ,
2016-02-26 10:03:15 -05:00
'token_provider' = > 'pki'
2013-03-13 09:18:36 -07:00
}
end
2016-02-18 10:24:55 -07:00
it { is_expected . to contain_file ( '/var/cache/keystone' ) . with_ensure ( 'directory' ) }
describe 'when overriding the cache dir' do
before do
params . merge! ( :cache_dir = > '/var/lib/cache/keystone' )
end
it { is_expected . to contain_file ( '/var/lib/cache/keystone' ) }
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_exec ( 'keystone-manage pki_setup' ) . with (
2013-03-13 09:18:36 -07:00
:creates = > '/etc/keystone/ssl/private/signing_key.pem'
) }
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_file ( '/var/cache/keystone' ) . with_ensure ( 'directory' ) }
2014-02-10 14:26:27 -05:00
2013-03-13 09:18:36 -07:00
describe 'when overriding the cache dir' do
2014-02-10 14:26:27 -05:00
before do
params . merge! ( :cache_dir = > '/var/lib/cache/keystone' )
2013-03-13 09:18:36 -07:00
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_file ( '/var/lib/cache/keystone' ) }
2013-03-13 09:18:36 -07:00
end
2012-01-02 15:39:23 -08:00
end
2013-09-10 15:34:34 -04:00
2014-09-23 12:09:28 -07:00
describe 'when configuring PKI signing cert paths with UUID and with pki_setup disabled' do
let :params do
{
2014-10-16 19:25:12 +02:00
'admin_token' = > 'service_token' ,
2016-02-26 10:03:15 -05:00
'token_provider' = > 'uuid' ,
2014-10-16 19:25:12 +02:00
'enable_pki_setup' = > false ,
'signing_certfile' = > 'signing_certfile' ,
'signing_keyfile' = > 'signing_keyfile' ,
'signing_ca_certs' = > 'signing_ca_certs' ,
'signing_ca_key' = > 'signing_ca_key' ,
'signing_cert_subject' = > 'signing_cert_subject' ,
'signing_key_size' = > 2048
2014-09-23 12:09:28 -07:00
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to_not contain_exec ( 'keystone-manage pki_setup' ) }
2014-09-23 12:09:28 -07:00
it 'should contain correct PKI certfile config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/certfile' ) . with_value ( 'signing_certfile' )
2014-09-23 12:09:28 -07:00
end
it 'should contain correct PKI keyfile config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/keyfile' ) . with_value ( 'signing_keyfile' )
2014-09-23 12:09:28 -07:00
end
it 'should contain correct PKI ca_certs config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/ca_certs' ) . with_value ( 'signing_ca_certs' )
2014-09-23 12:09:28 -07:00
end
it 'should contain correct PKI ca_key config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/ca_key' ) . with_value ( 'signing_ca_key' )
2014-09-23 12:09:28 -07:00
end
2014-10-16 19:25:12 +02:00
it 'should contain correct PKI cert_subject config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/cert_subject' ) . with_value ( 'signing_cert_subject' )
2014-10-16 19:25:12 +02:00
end
it 'should contain correct PKI key_size config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/key_size' ) . with_value ( '2048' )
2014-10-16 19:25:12 +02:00
end
2014-09-23 12:09:28 -07:00
end
2014-06-19 11:29:42 -06:00
describe 'when configuring PKI signing cert paths with pki_setup disabled' do
let :params do
{
2014-10-16 19:25:12 +02:00
'admin_token' = > 'service_token' ,
2016-02-26 10:03:15 -05:00
'token_provider' = > 'pki' ,
2014-10-16 19:25:12 +02:00
'enable_pki_setup' = > false ,
'signing_certfile' = > 'signing_certfile' ,
'signing_keyfile' = > 'signing_keyfile' ,
'signing_ca_certs' = > 'signing_ca_certs' ,
'signing_ca_key' = > 'signing_ca_key' ,
'signing_cert_subject' = > 'signing_cert_subject' ,
'signing_key_size' = > 2048
2014-06-19 11:29:42 -06:00
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to_not contain_exec ( 'keystone-manage pki_setup' ) }
2014-06-19 11:29:42 -06:00
it 'should contain correct PKI certfile config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/certfile' ) . with_value ( 'signing_certfile' )
2014-06-19 11:29:42 -06:00
end
it 'should contain correct PKI keyfile config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/keyfile' ) . with_value ( 'signing_keyfile' )
2014-06-19 11:29:42 -06:00
end
it 'should contain correct PKI ca_certs config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/ca_certs' ) . with_value ( 'signing_ca_certs' )
2014-06-19 11:29:42 -06:00
end
it 'should contain correct PKI ca_key config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/ca_key' ) . with_value ( 'signing_ca_key' )
2014-06-19 11:29:42 -06:00
end
2014-10-16 19:25:12 +02:00
it 'should contain correct PKI cert_subject config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/cert_subject' ) . with_value ( 'signing_cert_subject' )
2014-10-16 19:25:12 +02:00
end
it 'should contain correct PKI key_size config' do
2015-03-15 16:32:35 +01:00
is_expected . to contain_keystone_config ( 'signing/key_size' ) . with_value ( '2048' )
2014-10-16 19:25:12 +02:00
end
2014-06-19 11:29:42 -06:00
end
2014-04-02 16:32:11 -04:00
describe 'with invalid catalog_type' do
let :params do
{ :admin_token = > 'service_token' ,
:catalog_type = > 'invalid' }
end
it_raises " a Puppet::Error " , / validate_re \ ( \ ): "invalid" does not match "template|sql" /
end
describe 'when configuring catalog driver' do
let :params do
{ :admin_token = > 'service_token' ,
2016-02-26 10:03:15 -05:00
:catalog_driver = > 'alien' }
2014-04-02 16:32:11 -04:00
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'catalog/driver' ) . with_value ( params [ :catalog_driver ] ) }
2014-04-02 16:32:11 -04:00
end
2012-01-02 15:39:23 -08:00
end
2013-08-28 10:20:28 +02:00
2013-12-10 10:12:43 -06:00
describe 'when configuring token expiration' do
let :params do
{
'admin_token' = > 'service_token' ,
'token_expiration' = > '42' ,
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( " token/expiration " ) . with_value ( '42' ) }
2013-12-10 10:12:43 -06:00
end
describe 'when not configuring token expiration' do
let :params do
{
'admin_token' = > 'service_token' ,
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( " token/expiration " ) . with_value ( '3600' ) }
2013-12-10 10:12:43 -06:00
end
2015-04-07 14:51:00 +02:00
describe 'when sync_db is set to false' do
let :params do
{
'admin_token' = > 'service_token' ,
'sync_db' = > false ,
}
end
it { is_expected . not_to contain_exec ( 'keystone-manage db_sync' ) }
end
2016-02-25 13:54:12 -05:00
describe 'when enable_bootstrap is set to false' do
let :params do
{
'admin_token' = > 'service_token' ,
'enable_bootstrap' = > false ,
}
end
it { is_expected . not_to contain_exec ( 'keystone-manage bootstrap' ) }
end
2013-11-19 21:44:34 -06:00
describe 'configure memcache servers if set' do
let :params do
{
2015-08-25 10:21:48 -05:00
'admin_token' = > 'service_token' ,
'memcache_servers' = > [ 'SERVER1:11211' , 'SERVER2:11211' ] ,
2016-02-26 10:03:15 -05:00
'token_driver' = > 'memcache' ,
2015-08-25 10:21:48 -05:00
'cache_backend' = > 'dogpile.cache.memcached' ,
'cache_backend_argument' = > [ 'url:SERVER1:12211' ] ,
'memcache_dead_retry' = > '60' ,
'memcache_socket_timeout' = > '2' ,
'memcache_pool_maxsize' = > '1000' ,
'memcache_pool_unused_timeout' = > '60' ,
2013-11-19 21:44:34 -06:00
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( " memcache/servers " ) . with_value ( 'SERVER1:11211,SERVER2:11211' ) }
it { is_expected . to contain_keystone_config ( 'cache/enabled' ) . with_value ( true ) }
2015-11-27 20:29:05 +00:00
it { is_expected . to contain_keystone_config ( 'token/caching' ) . with_value ( '<SERVICE DEFAULT>' ) }
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'cache/backend' ) . with_value ( 'dogpile.cache.memcached' ) }
it { is_expected . to contain_keystone_config ( 'cache/backend_argument' ) . with_value ( 'url:SERVER1:12211' ) }
2015-08-25 10:21:48 -05:00
it { is_expected . to contain_keystone_config ( 'memcache/dead_retry' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'memcache/socket_timeout' ) . with_value ( '2' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_maxsize' ) . with_value ( '1000' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_unused_timeout' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_dead_retry' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_socket_timeout' ) . with_value ( '2' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_maxsize' ) . with_value ( '1000' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_unused_timeout' ) . with_value ( '60' ) }
2015-12-30 11:30:56 -07:00
it { is_expected . to contain_keystone_config ( 'cache/memcache_servers' ) . with_value ( 'SERVER1:11211,SERVER2:11211' ) }
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_package ( 'python-memcache' ) . with (
2014-07-06 13:36:20 +00:00
:name = > 'python-memcache' ,
:ensure = > 'present'
) }
2013-11-19 21:44:34 -06:00
end
2015-12-30 11:30:56 -07:00
describe 'configure cache memcache servers if set' do
let :params do
{
'admin_token' = > 'service_token' ,
'memcache_servers' = > [ 'SERVER1:11211' , 'SERVER2:11211' ] ,
2016-02-26 10:03:15 -05:00
'token_driver' = > 'memcache' ,
2015-12-30 11:30:56 -07:00
'cache_backend' = > 'dogpile.cache.memcached' ,
'cache_backend_argument' = > [ 'url:SERVER3:12211' ] ,
'cache_memcache_servers' = > [ 'SERVER3:11211' , 'SERVER4:11211' ] ,
'memcache_dead_retry' = > '60' ,
'memcache_socket_timeout' = > '2' ,
'memcache_pool_maxsize' = > '1000' ,
'memcache_pool_unused_timeout' = > '60' ,
}
end
it { is_expected . to contain_keystone_config ( " memcache/servers " ) . with_value ( 'SERVER1:11211,SERVER2:11211' ) }
it { is_expected . to contain_keystone_config ( 'cache/enabled' ) . with_value ( true ) }
it { is_expected . to contain_keystone_config ( 'token/caching' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'cache/backend' ) . with_value ( 'dogpile.cache.memcached' ) }
it { is_expected . to contain_keystone_config ( 'cache/backend_argument' ) . with_value ( 'url:SERVER3:12211' ) }
it { is_expected . to contain_keystone_config ( 'memcache/dead_retry' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'memcache/socket_timeout' ) . with_value ( '2' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_maxsize' ) . with_value ( '1000' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_unused_timeout' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_dead_retry' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_socket_timeout' ) . with_value ( '2' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_maxsize' ) . with_value ( '1000' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_unused_timeout' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_servers' ) . with_value ( 'SERVER3:11211,SERVER4:11211' ) }
it { is_expected . to contain_package ( 'python-memcache' ) . with (
:name = > 'python-memcache' ,
:ensure = > 'present'
) }
end
describe 'configure cache enabled if set' do
let :params do
{
'admin_token' = > 'service_token' ,
'memcache_servers' = > [ 'SERVER1:11211' , 'SERVER2:11211' ] ,
2016-02-26 10:03:15 -05:00
'token_driver' = > 'memcache' ,
2015-12-30 11:30:56 -07:00
'cache_backend' = > 'dogpile.cache.memcached' ,
'cache_backend_argument' = > [ 'url:SERVER3:12211' ] ,
'cache_enabled' = > false ,
'cache_memcache_servers' = > [ 'SERVER3:11211' , 'SERVER4:11211' ] ,
'memcache_dead_retry' = > '60' ,
'memcache_socket_timeout' = > '2' ,
'memcache_pool_maxsize' = > '1000' ,
'memcache_pool_unused_timeout' = > '60' ,
}
end
it { is_expected . to contain_keystone_config ( " memcache/servers " ) . with_value ( 'SERVER1:11211,SERVER2:11211' ) }
it { is_expected . to contain_keystone_config ( 'cache/enabled' ) . with_value ( false ) }
it { is_expected . to contain_keystone_config ( 'token/caching' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'cache/backend' ) . with_value ( 'dogpile.cache.memcached' ) }
it { is_expected . to contain_keystone_config ( 'cache/backend_argument' ) . with_value ( 'url:SERVER3:12211' ) }
it { is_expected . to contain_keystone_config ( 'memcache/dead_retry' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'memcache/socket_timeout' ) . with_value ( '2' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_maxsize' ) . with_value ( '1000' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_unused_timeout' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_dead_retry' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_socket_timeout' ) . with_value ( '2' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_maxsize' ) . with_value ( '1000' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_unused_timeout' ) . with_value ( '60' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_servers' ) . with_value ( 'SERVER3:11211,SERVER4:11211' ) }
it { is_expected . to contain_package ( 'python-memcache' ) . with (
:name = > 'python-memcache' ,
:ensure = > 'present'
) }
end
describe 'configure memcache servers with a string' do
let :params do
default_params . merge ( {
'memcache_servers' = > 'SERVER1:11211,SERVER2:11211' ,
'cache_memcache_servers' = > 'SERVER3:11211,SERVER4:11211'
} )
end
it { is_expected . to contain_keystone_config ( " memcache/servers " ) . with_value ( 'SERVER1:11211,SERVER2:11211' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_servers' ) . with_value ( 'SERVER3:11211,SERVER4:11211' ) }
end
2013-11-19 21:44:34 -06:00
describe 'do not configure memcache servers when not set' do
let :params do
default_params
end
2015-12-30 11:30:56 -07:00
it { is_expected . to contain_keystone_config ( " cache/enabled " ) . with_value ( '<SERVICE DEFAULT>' ) }
2015-11-27 20:29:05 +00:00
it { is_expected . to contain_keystone_config ( " token/caching " ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( " cache/backend " ) . with_value ( '<SERVICE DEFAULT>' ) }
2015-12-30 11:30:56 -07:00
it { is_expected . to contain_keystone_config ( " cache/backend_argument " ) . with_value ( '<SERVICE DEFAULT>' ) }
2015-11-27 20:29:05 +00:00
it { is_expected . to contain_keystone_config ( " cache/debug_cache_backend " ) . with_value ( '<SERVICE DEFAULT>' ) }
2015-12-30 11:30:56 -07:00
it { is_expected . to contain_keystone_config ( " memcache/servers " ) . with_value ( '<SERVICE DEFAULT>' ) }
2015-11-27 20:29:05 +00:00
it { is_expected . to contain_keystone_config ( 'memcache/dead_retry' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_maxsize' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'memcache/pool_unused_timeout' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_dead_retry' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_socket_timeout' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_maxsize' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'cache/memcache_pool_unused_timeout' ) . with_value ( '<SERVICE DEFAULT>' ) }
2015-12-30 11:30:56 -07:00
it { is_expected . to contain_keystone_config ( 'cache/memcache_servers' ) . with_value ( '<SERVICE DEFAULT>' ) }
2013-11-19 21:44:34 -06:00
end
2014-02-11 10:11:43 -05:00
describe 'when enabling SSL' do
let :params do
{
'admin_token' = > 'service_token' ,
'enable_ssl' = > true ,
2014-03-03 23:37:36 -05:00
'public_endpoint' = > 'https://localhost:5000/v2.0/' ,
'admin_endpoint' = > 'https://localhost:35357/v2.0/' ,
2014-02-11 10:11:43 -05:00
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'ssl/enable' ) . with_value ( true ) }
it { is_expected . to contain_keystone_config ( 'ssl/certfile' ) . with_value ( '/etc/keystone/ssl/certs/keystone.pem' ) }
it { is_expected . to contain_keystone_config ( 'ssl/keyfile' ) . with_value ( '/etc/keystone/ssl/private/keystonekey.pem' ) }
it { is_expected . to contain_keystone_config ( 'ssl/ca_certs' ) . with_value ( '/etc/keystone/ssl/certs/ca.pem' ) }
it { is_expected . to contain_keystone_config ( 'ssl/ca_key' ) . with_value ( '/etc/keystone/ssl/private/cakey.pem' ) }
it { is_expected . to contain_keystone_config ( 'ssl/cert_subject' ) . with_value ( '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost' ) }
it { is_expected . to contain_keystone_config ( 'DEFAULT/public_endpoint' ) . with_value ( 'https://localhost:5000/v2.0/' ) }
it { is_expected . to contain_keystone_config ( 'DEFAULT/admin_endpoint' ) . with_value ( 'https://localhost:35357/v2.0/' ) }
2014-02-11 10:11:43 -05:00
end
describe 'when disabling SSL' do
let :params do
{
'admin_token' = > 'service_token' ,
'enable_ssl' = > false ,
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'ssl/enable' ) . with_value ( false ) }
2015-11-27 20:29:05 +00:00
it { is_expected . to contain_keystone_config ( 'DEFAULT/public_endpoint' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'DEFAULT/admin_endpoint' ) . with_value ( '<SERVICE DEFAULT>' ) }
2014-02-11 10:11:43 -05:00
end
2014-02-12 15:25:21 +08:00
describe 'not setting notification settings by default' do
let :params do
default_params
end
2015-11-27 20:29:05 +00:00
it { is_expected . to contain_keystone_config ( 'DEFAULT/notification_driver' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'DEFAULT/notification_topics' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'DEFAULT/notification_format' ) . with_value ( '<SERVICE DEFAULT>' ) }
it { is_expected . to contain_keystone_config ( 'DEFAULT/control_exchange' ) . with_value ( '<SERVICE DEFAULT>' ) }
2014-02-12 15:25:21 +08:00
end
2014-06-10 12:36:43 -04:00
describe 'with RabbitMQ communication SSLed' do
let :params do
default_params . merge! ( {
:rabbit_use_ssl = > true ,
:kombu_ssl_ca_certs = > '/path/to/ssl/ca/certs' ,
:kombu_ssl_certfile = > '/path/to/ssl/cert/file' ,
:kombu_ssl_keyfile = > '/path/to/ssl/keyfile' ,
2015-01-02 20:48:44 +01:00
:kombu_ssl_version = > 'TLSv1'
2014-06-10 12:36:43 -04:00
} )
end
it do
2015-06-22 15:41:02 -06:00
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/rabbit_use_ssl' ) . with_value ( 'true' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_ca_certs' ) . with_value ( '/path/to/ssl/ca/certs' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_certfile' ) . with_value ( '/path/to/ssl/cert/file' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_keyfile' ) . with_value ( '/path/to/ssl/keyfile' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_version' ) . with_value ( 'TLSv1' )
2014-06-10 12:36:43 -04:00
end
end
describe 'with RabbitMQ communication not SSLed' do
let :params do
default_params . merge! ( {
2015-11-27 20:29:05 +00:00
:rabbit_use_ssl = > '<SERVICE DEFAULT>' ,
:kombu_ssl_ca_certs = > '<SERVICE DEFAULT>' ,
:kombu_ssl_certfile = > '<SERVICE DEFAULT>' ,
:kombu_ssl_keyfile = > '<SERVICE DEFAULT>' ,
:kombu_ssl_version = > '<SERVICE DEFAULT>'
2014-06-10 12:36:43 -04:00
} )
end
it do
2015-11-27 20:29:05 +00:00
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/rabbit_use_ssl' ) . with_value ( '<SERVICE DEFAULT>' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_ca_certs' ) . with_value ( '<SERVICE DEFAULT>' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_certfile' ) . with_value ( '<SERVICE DEFAULT>' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_keyfile' ) . with_value ( '<SERVICE DEFAULT>' )
is_expected . to contain_keystone_config ( 'oslo_messaging_rabbit/kombu_ssl_version' ) . with_value ( '<SERVICE DEFAULT>' )
2014-06-10 12:36:43 -04:00
end
end
2014-11-24 11:37:52 +13:00
describe 'when configuring max_token_size' do
let :params do
default_params . merge ( { :max_token_size = > '16384' } )
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'DEFAULT/max_token_size' ) . with_value ( params [ :max_token_size ] ) }
2014-11-24 11:37:52 +13:00
end
2014-02-12 15:25:21 +08:00
describe 'setting notification settings' do
let :params do
default_params . merge ( {
:notification_driver = > 'keystone.openstack.common.notifier.rpc_notifier' ,
:notification_topics = > 'notifications' ,
2015-04-16 09:18:42 -06:00
:notification_format = > 'cadf' ,
2014-02-12 15:25:21 +08:00
:control_exchange = > 'keystone'
} )
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'DEFAULT/notification_driver' ) . with_value ( 'keystone.openstack.common.notifier.rpc_notifier' ) }
it { is_expected . to contain_keystone_config ( 'DEFAULT/notification_topics' ) . with_value ( 'notifications' ) }
2015-04-16 09:18:42 -06:00
it { is_expected . to contain_keystone_config ( 'DEFAULT/notification_format' ) . with_value ( 'cadf' ) }
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'DEFAULT/control_exchange' ) . with_value ( 'keystone' ) }
2014-02-12 15:25:21 +08:00
end
2015-11-02 18:49:28 +02:00
describe 'setting sql policy driver' do
let :params do
default_params . merge ( { :policy_driver = > 'sql' } )
end
it { is_expected . to contain_keystone_config ( 'policy/driver' ) . with_value ( 'sql' ) }
end
2014-03-27 12:49:41 +01:00
describe 'setting sql (default) catalog' do
let :params do
default_params
end
2016-02-26 10:03:15 -05:00
it { is_expected . to contain_keystone_config ( 'catalog/driver' ) . with_value ( 'sql' ) }
2014-03-27 12:49:41 +01:00
end
describe 'setting default template catalog' do
let :params do
{
:admin_token = > 'service_token' ,
:catalog_type = > 'template'
}
end
2016-02-26 10:03:15 -05:00
it { is_expected . to contain_keystone_config ( 'catalog/driver' ) . with_value ( 'templated' ) }
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'catalog/template_file' ) . with_value ( '/etc/keystone/default_catalog.templates' ) }
2014-03-27 12:49:41 +01:00
end
2014-08-04 23:34:21 +10:00
describe 'with overridden validation_auth_url' do
let :params do
{
:admin_token = > 'service_token' ,
:validate_service = > true ,
:validate_auth_url = > 'http://some.host:35357/v2.0' ,
:admin_endpoint = > 'http://some.host:35357'
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'DEFAULT/admin_endpoint' ) . with_value ( 'http://some.host:35357' ) }
it { is_expected . to contain_class ( 'keystone::service' ) . with (
2014-08-04 23:34:21 +10:00
'validate' = > true ,
'admin_endpoint' = > 'http://some.host:35357/v2.0'
) }
end
describe 'with service validation' do
let :params do
{
:admin_token = > 'service_token' ,
:validate_service = > true ,
:admin_endpoint = > 'http://some.host:35357'
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_class ( 'keystone::service' ) . with (
2014-08-04 23:34:21 +10:00
'validate' = > true ,
'admin_endpoint' = > 'http://some.host:35357'
) }
end
2014-03-27 12:49:41 +01:00
describe 'setting another template catalog' do
let :params do
{
:admin_token = > 'service_token' ,
:catalog_type = > 'template' ,
:catalog_template_file = > '/some/template_file'
}
end
2016-02-26 10:03:15 -05:00
it { is_expected . to contain_keystone_config ( 'catalog/driver' ) . with_value ( 'templated' ) }
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_keystone_config ( 'catalog/template_file' ) . with_value ( '/some/template_file' ) }
2014-03-27 12:49:41 +01:00
end
2014-04-10 14:34:35 +04:00
describe 'setting service_provider' do
let :facts do
2015-11-21 03:24:54 +00:00
@default_facts . merge ( global_facts . merge ( {
2014-07-17 16:22:34 -06:00
:osfamily = > 'RedHat' ,
:operatingsystemrelease = > '6.0'
2015-11-21 03:24:54 +00:00
} ) )
2014-04-10 14:34:35 +04:00
end
describe 'with default service_provider' do
let :params do
{ 'admin_token' = > 'service_token' }
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_service ( 'keystone' ) . with (
2014-04-10 14:34:35 +04:00
:provider = > nil
) }
end
describe 'with overrided service_provider' do
let :params do
{
'admin_token' = > 'service_token' ,
'service_provider' = > 'pacemaker'
}
end
2015-03-15 16:32:35 +01:00
it { is_expected . to contain_service ( 'keystone' ) . with (
2014-04-10 14:34:35 +04:00
:provider = > 'pacemaker'
) }
end
end
2014-12-23 08:42:06 +00:00
2015-05-25 12:47:09 -06:00
describe 'when using fernet tokens' do
describe 'when enabling fernet_setup' do
let :params do
default_params . merge ( {
'enable_fernet_setup' = > true ,
'fernet_max_active_keys' = > 5 ,
2015-10-27 15:48:53 +02:00
'revoke_by_id' = > false ,
2016-03-05 16:34:08 -05:00
'keystone_user' = > 'keystone' ,
'keystone_group' = > 'keystone'
2015-05-25 12:47:09 -06:00
} )
end
it { is_expected . to contain_exec ( 'keystone-manage fernet_setup' ) . with (
2016-03-05 16:34:08 -05:00
:command = > 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone' ,
2015-05-25 12:47:09 -06:00
:creates = > '/etc/keystone/fernet-keys/0'
) }
it { is_expected . to contain_keystone_config ( 'fernet_tokens/max_active_keys' ) . with_value ( 5 ) }
2015-10-27 15:48:53 +02:00
it { is_expected . to contain_keystone_config ( 'token/revoke_by_id' ) . with_value ( false ) }
2015-05-25 12:47:09 -06:00
end
describe 'when overriding the fernet key directory' do
let :params do
default_params . merge ( {
'enable_fernet_setup' = > true ,
'fernet_key_repository' = > '/var/lib/fernet-keys' ,
} )
end
it { is_expected . to contain_exec ( 'keystone-manage fernet_setup' ) . with (
:creates = > '/var/lib/fernet-keys/0'
) }
end
end
2015-07-30 10:16:30 -04:00
shared_examples_for " when configuring default domain " do
describe 'with default domain and eventlet service is managed and enabled' do
2015-04-17 15:21:41 -06:00
let :params do
default_params . merge ( {
'default_domain' = > 'test' ,
} )
end
2015-07-30 10:16:30 -04:00
it { is_expected . to contain_exec ( 'restart_keystone' ) . with (
'command' = > " service #{ platform_parameters [ :service_name ] } restart " ,
) }
it { is_expected . to contain_anchor ( 'default_domain_created' ) }
end
describe 'with default domain and wsgi service is managed and enabled' do
let :pre_condition do
'include ::apache'
end
let :params do
default_params . merge ( {
'default_domain' = > 'test' ,
'service_name' = > 'httpd' ,
} )
end
2015-07-24 14:24:37 -04:00
it { is_expected . to contain_anchor ( 'default_domain_created' ) }
2015-04-17 15:21:41 -06:00
end
describe 'with default domain and service is not managed' do
let :params do
default_params . merge ( {
'default_domain' = > 'test' ,
'manage_service' = > false ,
} )
end
it { is_expected . to_not contain_exec ( 'restart_keystone' ) }
2015-07-24 14:24:37 -04:00
it { is_expected . to contain_anchor ( 'default_domain_created' ) }
2015-04-17 15:21:41 -06:00
end
end
2014-10-13 13:27:32 +02:00
context 'on RedHat platforms' do
let :facts do
2015-11-21 03:24:54 +00:00
@default_facts . merge ( global_facts . merge ( {
2014-10-13 13:27:32 +02:00
:osfamily = > 'RedHat' ,
:operatingsystemrelease = > '7.0'
2015-11-21 03:24:54 +00:00
} ) )
2014-10-13 13:27:32 +02:00
end
let :platform_parameters do
{
2015-07-30 10:16:30 -04:00
:service_name = > 'openstack-keystone' ,
:httpd_service_name = > 'httpd' ,
2014-10-13 13:27:32 +02:00
}
end
it_configures 'when using default class parameters for httpd'
2015-07-30 10:16:30 -04:00
it_configures 'when configuring default domain'
2014-10-13 13:27:32 +02:00
end
context 'on Debian platforms' do
let :facts do
2015-11-21 03:24:54 +00:00
@default_facts . merge ( global_facts . merge ( {
2014-10-13 13:27:32 +02:00
:osfamily = > 'Debian' ,
:operatingsystem = > 'Debian' ,
:operatingsystemrelease = > '7.0'
2015-11-21 03:24:54 +00:00
} ) )
2014-10-13 13:27:32 +02:00
end
let :platform_parameters do
{
2015-07-30 10:16:30 -04:00
:service_name = > 'keystone' ,
:httpd_service_name = > 'apache2' ,
2014-10-13 13:27:32 +02:00
}
end
it_configures 'when using default class parameters for httpd'
2015-07-30 10:16:30 -04:00
it_configures 'when configuring default domain'
2014-10-13 13:27:32 +02:00
end
2015-10-27 15:48:53 +02:00
2015-09-01 16:06:39 +02:00
describe " when configuring using_domain_config " do
describe 'with default config' do
let :params do
default_params
end
it { is_expected . to_not contain_file ( '/etc/keystone/domains' ) }
end
describe 'when using domain config' do
let :params do
default_params . merge ( {
'using_domain_config' = > true ,
} )
end
it { is_expected . to contain_file ( '/etc/keystone/domains' ) . with (
'ensure' = > " directory " ,
) }
it { is_expected
. to contain_keystone_config ( 'identity/domain_specific_drivers_enabled' )
. with ( 'value' = > true ,
) }
it { is_expected
. to contain_keystone_config ( 'identity/domain_config_dir' )
. with ( 'value' = > '/etc/keystone/domains' ,
) }
end
describe 'when using domain config and a wrong directory' do
let :params do
default_params . merge ( {
'using_domain_config' = > true ,
'domain_config_directory' = > 'this/is/not/an/absolute/path'
} )
end
it 'should raise an error' do
expect { should contain_file ( '/etc/keystone/domains' ) }
. to raise_error ( Puppet :: Error , %r( this/is/not/an/absolute/path" is not ) )
end
end
describe 'when setting domain directory and not using domain config' do
let :params do
default_params . merge ( {
'using_domain_config' = > false ,
'domain_config_directory' = > '/this/is/an/absolute/path'
} )
end
it 'should raise an error' do
expect { should contain_file ( '/etc/keystone/domains' ) }
. to raise_error ( Puppet :: Error , %r( You must activate domain ) )
end
end
describe 'when setting domain directory and using domain config' do
let :params do
default_params . merge ( {
'using_domain_config' = > true ,
'domain_config_directory' = > '/this/is/an/absolute/path'
} )
end
it { is_expected . to contain_file ( '/this/is/an/absolute/path' ) . with (
'ensure' = > " directory " ,
) }
end
end
2012-01-02 15:39:23 -08:00
end
