openstack
/
puppet-keystone
Code Issues Proposed changes

Specify user and project domains for admin role 

In keystone::roles::admin, admin_project_domain and admin_user_domain
are not applied to the admin role. This results in errors when
applying the role as it uses the "Default" domain in
keystone_user_role:

  class { '::keystone::roles::admin':
    email => 'marcus@aptira.com',
    password => $admin_password,
    admin => 'admin', # username
    admin_tenant => 'admin', # project name
    admin_user_domain => 'admin', # domain for user
    admin_project_domain => 'admin', # domain for project
  }

Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@admin]: Could not evaluate: No project admin with domain Default found

This patch adds the admin_project_domain and the admin_user_domain to the
role.

Change-Id: Ia3f899dfb78b0887f31ee82d6b21d2fb2536ad84
Closes-Bug: #1533913
This commit is contained in:
Marcus Furlong 2016-01-14 11:57:11 +11:00
parent cfa106045f
commit 19ee7b4a3c
2 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
manifests/roles/admin.pp
View File

@ -121,8 +121,10 @@ class keystone::roles::admin(
if $configure_user_role {
keystone_user_role { "${admin}@${admin_tenant}":
ensure => present,
roles => $admin_roles,
ensure => present,
user_domain => $admin_user_domain,
project_domain => $admin_project_domain,
roles => $admin_roles,
}
}

24
spec/classes/keystone_roles_admin_spec.rb
View File

@ -29,8 +29,10 @@ describe 'keystone::roles::admin' do
)}
it { is_expected.to contain_keystone_role('admin').with_ensure('present') }
it { is_expected.to contain_keystone_user_role('admin@openstack').with(
:roles => ['admin'],
:ensure => 'present'
:roles => ['admin'],
:ensure => 'present',
:user_domain => nil,
:project_domain => nil,
)}
end
@ -67,8 +69,10 @@ describe 'keystone::roles::admin' do
:password => 'foo',
)}
it { is_expected.to contain_keystone_user_role('admin@admin').with(
:roles => ['admin', 'heat_stack_owner'],
:ensure => 'present'
:roles => ['admin', 'heat_stack_owner'],
:ensure => 'present',
:user_domain => nil,
:project_domain => nil,
)}
end
@ -116,6 +120,12 @@ describe 'keystone::roles::admin' do
it { is_expected.to contain_keystone_tenant('admin_tenant').with(:domain => 'admin_project_domain') }
it { is_expected.to contain_keystone_domain('admin_user_domain') }
it { is_expected.to contain_keystone_domain('admin_project_domain') }
it { is_expected.to contain_keystone_user_role('admin@admin_tenant').with(
:roles => ['admin'],
:ensure => 'present',
:user_domain => 'admin_user_domain',
:project_domain => 'admin_project_domain',
)}
end
@ -135,6 +145,12 @@ describe 'keystone::roles::admin' do
it { is_expected.to contain_keystone_tenant('admin_tenant::admin_project_domain').with(:domain => 'admin_project_domain') }
it { is_expected.to contain_keystone_domain('admin_user_domain') }
it { is_expected.to contain_keystone_domain('admin_project_domain') }
it { is_expected.to contain_keystone_user_role('admin@admin_tenant::admin_project_domain').with(
:roles => ['admin'],
:ensure => 'present',
:user_domain => 'admin_user_domain',
:project_domain => 'admin_project_domain',
)}
end