use stevedore names when possible and cleanup ldap testing
Instead of using the long backend/driver names, use the short names and let stevedore load the plugins for us. This prevents this kind of message in the logs: Failed to load 'keystone.catalog.backends.sql.Catalog' using stevedore: No 'keystone.catalog' driver found. Also clean up unit and functional tests that were setting the wrong credential & assignment drivers. Change-Id: Id3b8ed63ef9a821eba5374af7ed0fd1c8d755e09
parent
c18e00e30f
commit
1f051ca9b7
@ -65,8 +65,7 @@ keystone::ldap_backend { 'domain_1':
|
||||
role_allow_create => 'True',
|
||||
role_allow_update => 'True',
|
||||
role_allow_delete => 'True',
|
||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
||||
identity_driver => 'ldap',
|
||||
use_tls => 'True',
|
||||
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||
tls_req_cert => 'demand',
|
||||
@ -121,8 +120,7 @@ keystone::ldap_backend { 'domain_2':
|
||||
role_allow_create => 'True',
|
||||
role_allow_update => 'True',
|
||||
role_allow_delete => 'True',
|
||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
||||
identity_driver => 'ldap',
|
||||
use_tls => 'True',
|
||||
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||
tls_req_cert => 'demand',
|
||||
|
@ -58,8 +58,7 @@ class { '::keystone:ldap':
|
||||
role_allow_create => 'True',
|
||||
role_allow_update => 'True',
|
||||
role_allow_delete => 'True',
|
||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
||||
identity_driver => 'ldap',
|
||||
use_tls => 'True',
|
||||
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||
tls_req_cert => 'demand',
|
||||
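Review bot: The declaration this hunk belongs to is spelled `class { '::keystone:ldap':` in the hunk header, with a single colon before `ldap`. Puppet separates namespaces with `::`, so as written the example would presumably not resolve to the keystone::ldap class; it should read `class { '::keystone::ldap':`. The same spelling appears as a context line in the next example, the one pointing at ldap.example.com. The declaration line itself sits above this hunk, so the fix lands outside the changed lines.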
|
@ -12,7 +12,7 @@ class { '::keystone::roles::admin':
|
||||
# This was tested against a FreeIPA box, you will likely need to change the
|
||||
# attributes to match your configuration.
|
||||
class { '::keystone:ldap':
|
||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
identity_driver => 'ldap',
|
||||
url => 'ldap://ldap.example.com:389',
|
||||
user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
|
||||
password => 'SecretPass',
|
||||
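Review bot: The example binds to `ldap://ldap.example.com:389` with `password => 'SecretPass'`, and no TLS setting is visible in the hunk, so the bind DN and password would travel in cleartext unless TLS is enabled further down. The other examples touched by this commit set `use_tls => 'True'`, `tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt'` and `tls_req_cert => 'demand'`; adding the same three parameters here would keep copy-pasted configurations from starting with an unprotected bind. The declaration continues past the end of the hunk, so this should be checked against the full file.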
|
@ -60,12 +60,12 @@
|
||||
#
|
||||
# [*token_provider*]
|
||||
# (optional) Format keystone uses for tokens.
|
||||
# Defaults to 'keystone.token.providers.uuid.Provider'
|
||||
# Defaults to 'uuid'
|
||||
# Supports PKI, PKIZ, Fernet, and UUID.
|
||||
#
|
||||
# [*token_driver*]
|
||||
# (optional) Driver to use for managing tokens.
|
||||
# Defaults to 'keystone.token.persistence.backends.sql.Token'
|
||||
# Defaults to 'sql'
|
||||
#
|
||||
# [*token_expiration*]
|
||||
# (optional) Amount of time a token should remain valid (seconds).
|
||||
@ -92,7 +92,7 @@
|
||||
# (optional) List of memcache servers as a comma separated string of
|
||||
# 'server:port,server:port' or an array of servers ['server:port',
|
||||
# 'server:port'].
|
||||
# Used with token_driver 'keystone.token.backends.memcache.Token'.
|
||||
# Used with token_driver 'memcache'.
|
||||
# This configures the memcache/servers for keystone and is used as a default
|
||||
# for $cache_memcache_servers if it is not specified.
|
||||
# Defaults to $::os_service_default
|
||||
@ -525,8 +525,8 @@ class keystone(
|
||||
$catalog_type = 'sql',
|
||||
$catalog_driver = false,
|
||||
$catalog_template_file = '/etc/keystone/default_catalog.templates',
|
||||
$token_provider = 'keystone.token.providers.uuid.Provider',
|
||||
$token_driver = 'keystone.token.persistence.backends.sql.Token',
|
||||
$token_provider = 'uuid',
|
||||
$token_driver = 'sql',
|
||||
$token_expiration = 3600,
|
||||
$revoke_driver = $::os_service_default,
|
||||
$revoke_by_id = true,
|
||||
@ -695,10 +695,6 @@ class keystone(
|
||||
'revoke/driver': value => $revoke_driver;
|
||||
}
|
||||
|
||||
if ($policy_driver =~ /^keystone\.policy\.backends\..*Policy$/) {
|
||||
warning('policy driver form \'keystone.policy.backends.*Policy\' is deprecated')
|
||||
}
|
||||
|
||||
keystone_config {
|
||||
'policy/driver': value => $policy_driver;
|
||||
}
|
||||
@ -762,10 +758,10 @@ class keystone(
|
||||
$catalog_driver_real = $catalog_driver
|
||||
}
|
||||
elsif ($catalog_type == 'template') {
|
||||
$catalog_driver_real = 'keystone.catalog.backends.templated.Catalog'
|
||||
$catalog_driver_real = 'templated'
|
||||
}
|
||||
elsif ($catalog_type == 'sql') {
|
||||
$catalog_driver_real = 'keystone.catalog.backends.sql.Catalog'
|
||||
$catalog_driver_real = 'sql'
|
||||
}
|
||||
|
||||
keystone_config {
|
||||
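Review bot: In the parameter docs at the top of this file section, the `token_provider` entry still reads `# Supports PKI, PKIZ, Fernet, and UUID.`, while the parameter now takes the short entry-point name, as the new default `'uuid'` shows. Listing the values exactly as they must be written, for example `# Supported values: 'uuid', 'pki', 'pkiz' and 'fernet'.`, would stop a reader from passing the upper-case spelling. The code that writes the value to keystone.conf is outside the visible hunks, so it is an assumption that the string is passed through unchanged and that the lookup is case-sensitive.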
|
@ -669,25 +669,6 @@ class keystone::ldap(
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
# check for some common driver name mistakes
|
||||
if ($assignment_driver != undef) {
|
||||
if ! ($assignment_driver =~ /^keystone.assignment.backends.*Assignment$/) {
|
||||
fail('assignment driver should be of the form \'keystone.assignment.backends.*Assignment\'')
|
||||
}
|
||||
}
|
||||
|
||||
if ($identity_driver != undef) {
|
||||
if ! ($identity_driver =~ /^keystone.identity.backends.*Identity$/) {
|
||||
fail('identity driver should be of the form \'keystone.identity.backends.*Identity\'')
|
||||
}
|
||||
}
|
||||
|
||||
if ($credential_driver != undef) {
|
||||
if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) {
|
||||
fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'')
|
||||
}
|
||||
}
|
||||
|
||||
if ($tls_cacertdir != undef) {
|
||||
file { $tls_cacertdir:
|
||||
ensure => directory
|
||||
|
@ -685,25 +685,6 @@ define keystone::ldap_backend(
|
||||
require => Package['keystone'],
|
||||
})
|
||||
|
||||
# check for some common driver name mistakes
|
||||
if ($assignment_driver != undef) {
|
||||
if ! ($assignment_driver =~ /^keystone.assignment.backends.*Assignment$/) {
|
||||
fail('assigment driver should be of the form \'keystone.assignment.backends.*Assignment\'')
|
||||
}
|
||||
}
|
||||
|
||||
if ($identity_driver != undef) {
|
||||
if ! ($identity_driver =~ /^keystone.identity.backends.*Identity$/) {
|
||||
fail('identity driver should be of the form \'keystone.identity.backends.*Identity\'')
|
||||
}
|
||||
}
|
||||
|
||||
if ($credential_driver != undef) {
|
||||
if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) {
|
||||
fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'')
|
||||
}
|
||||
}
|
||||
|
||||
if ($tls_cacertdir != undef) {
|
||||
ensure_resource('file', $tls_cacertdir, { ensure => directory })
|
||||
}
|
||||
|
@ -397,16 +397,12 @@ EOC
|
||||
keystone::ldap_backend { 'domain_1_ldap_backend':
|
||||
url => 'ldap://foo',
|
||||
user => 'cn=foo,dc=example,dc=com',
|
||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
credential_driver => 'keystone.credential.backends.ldap.Credential',
|
||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment'
|
||||
identity_driver => 'ldap',
|
||||
}
|
||||
keystone::ldap_backend { 'domain_2_ldap_backend':
|
||||
url => 'ldap://bar',
|
||||
user => 'cn=bar,dc=test,dc=com',
|
||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
credential_driver => 'keystone.credential.backends.ldap.Credential',
|
||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment'
|
||||
identity_driver => 'ldap',
|
||||
}
|
||||
EOM
|
||||
end
|
||||
|
@ -72,9 +72,7 @@ describe 'keystone::ldap' do
|
||||
:tls_cacertdir => '/etc/ssl/certs/',
|
||||
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||
:tls_req_cert => 'demand',
|
||||
:identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
:credential_driver => 'keystone.credential.backends.ldap.Credential',
|
||||
:assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
||||
:identity_driver => 'ldap',
|
||||
:use_pool => 'True',
|
||||
:pool_size => 20,
|
||||
:pool_retry_max => 2,
|
||||
@ -182,9 +180,7 @@ describe 'keystone::ldap' do
|
||||
is_expected.to contain_keystone_config('ldap/auth_pool_connection_lifetime').with_value('200')
|
||||
|
||||
# drivers
|
||||
is_expected.to contain_keystone_config('identity/driver').with_value('keystone.identity.backends.ldap.Identity')
|
||||
is_expected.to contain_keystone_config('credential/driver').with_value('keystone.credential.backends.ldap.Credential')
|
||||
is_expected.to contain_keystone_config('assignment/driver').with_value('keystone.assignment.backends.ldap.Assignment')
|
||||
is_expected.to contain_keystone_config('identity/driver').with_value('ldap')
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -338,7 +338,7 @@ describe 'keystone' do
|
||||
{
|
||||
'enable_pki_setup' => true,
|
||||
'admin_token' => 'service_token',
|
||||
'token_provider' => 'keystone.token.providers.pki.Provider'
|
||||
'token_provider' => 'pki'
|
||||
}
|
||||
end
|
||||
|
||||
@ -368,7 +368,7 @@ describe 'keystone' do
|
||||
let :params do
|
||||
{
|
||||
'admin_token' => 'service_token',
|
||||
'token_provider' => 'keystone.token.providers.uuid.Provider',
|
||||
'token_provider' => 'uuid',
|
||||
'enable_pki_setup' => false,
|
||||
'signing_certfile' => 'signing_certfile',
|
||||
'signing_keyfile' => 'signing_keyfile',
|
||||
@ -410,7 +410,7 @@ describe 'keystone' do
|
||||
let :params do
|
||||
{
|
||||
'admin_token' => 'service_token',
|
||||
'token_provider' => 'keystone.token.providers.pki.Provider',
|
||||
'token_provider' => 'pki',
|
||||
'enable_pki_setup' => false,
|
||||
'signing_certfile' => 'signing_certfile',
|
||||
'signing_keyfile' => 'signing_keyfile',
|
||||
@ -460,7 +460,7 @@ describe 'keystone' do
|
||||
describe 'when configuring catalog driver' do
|
||||
let :params do
|
||||
{ :admin_token => 'service_token',
|
||||
:catalog_driver => 'keystone.catalog.backends.alien.AlienCatalog' }
|
||||
:catalog_driver => 'alien' }
|
||||
end
|
||||
|
||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
|
||||
@ -504,7 +504,7 @@ describe 'keystone' do
|
||||
{
|
||||
'admin_token' => 'service_token',
|
||||
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
||||
'token_driver' => 'keystone.token.backends.memcache.Token',
|
||||
'token_driver' => 'memcache',
|
||||
'cache_backend' => 'dogpile.cache.memcached',
|
||||
'cache_backend_argument' => ['url:SERVER1:12211'],
|
||||
'memcache_dead_retry' => '60',
|
||||
@ -539,7 +539,7 @@ describe 'keystone' do
|
||||
{
|
||||
'admin_token' => 'service_token',
|
||||
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
||||
'token_driver' => 'keystone.token.backends.memcache.Token',
|
||||
'token_driver' => 'memcache',
|
||||
'cache_backend' => 'dogpile.cache.memcached',
|
||||
'cache_backend_argument' => ['url:SERVER3:12211'],
|
||||
'cache_memcache_servers' => [ 'SERVER3:11211', 'SERVER4:11211' ],
|
||||
@ -575,7 +575,7 @@ describe 'keystone' do
|
||||
{
|
||||
'admin_token' => 'service_token',
|
||||
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
||||
'token_driver' => 'keystone.token.backends.memcache.Token',
|
||||
'token_driver' => 'memcache',
|
||||
'cache_backend' => 'dogpile.cache.memcached',
|
||||
'cache_backend_argument' => ['url:SERVER3:12211'],
|
||||
'cache_enabled' => false,
|
||||
@ -758,7 +758,7 @@ describe 'keystone' do
|
||||
default_params
|
||||
end
|
||||
|
||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.sql.Catalog') }
|
||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('sql') }
|
||||
end
|
||||
|
||||
describe 'setting default template catalog' do
|
||||
@ -769,7 +769,7 @@ describe 'keystone' do
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
|
||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('templated') }
|
||||
it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') }
|
||||
end
|
||||
|
||||
@ -814,7 +814,7 @@ describe 'keystone' do
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
|
||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('templated') }
|
||||
it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
|
||||
end
|
||||
|
||||
|
@ -81,9 +81,7 @@ describe 'keystone::ldap_backend' do
|
||||
:tls_cacertdir => '/etc/ssl/certs/',
|
||||
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||
:tls_req_cert => 'demand',
|
||||
:identity_driver => 'keystone.identity.backends.ldap.Identity',
|
||||
:credential_driver => 'keystone.credential.backends.ldap.Credential',
|
||||
:assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
||||
:identity_driver => 'ldap',
|
||||
:use_pool => 'True',
|
||||
:pool_size => 20,
|
||||
:pool_retry_max => 2,
|
||||
@ -191,9 +189,7 @@ describe 'keystone::ldap_backend' do
|
||||
is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200')
|
||||
|
||||
# drivers
|
||||
is_expected.to contain_keystone_config('identity/driver').with_value('keystone.identity.backends.ldap.Identity')
|
||||
is_expected.to contain_keystone_config('credential/driver').with_value('keystone.credential.backends.ldap.Credential')
|
||||
is_expected.to contain_keystone_config('assignment/driver').with_value('keystone.assignment.backends.ldap.Assignment')
|
||||
is_expected.to contain_keystone_config('identity/driver').with_value('ldap')
|
||||
end
|
||||
end
|
||||
|
||||
|