use stevedore names when possible and cleanup ldap testing
Instead of using long backend/driver names, use short names and let stevedore load the plugins for us. This prevents this kind of message in the logs: Failed to load 'keystone.catalog.backends.sql.Catalog' using stevedore: No 'keystone.catalog' driver found. Also clean up the unit and functional tests that were setting the wrong credential & assignment drivers. Change-Id: Id3b8ed63ef9a821eba5374af7ed0fd1c8d755e09
parent
c18e00e30f
commit
1f051ca9b7
@ -65,8 +65,7 @@ keystone::ldap_backend { 'domain_1':
|
|||||||
role_allow_create => 'True',
|
role_allow_create => 'True',
|
||||||
role_allow_update => 'True',
|
role_allow_update => 'True',
|
||||||
role_allow_delete => 'True',
|
role_allow_delete => 'True',
|
||||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
identity_driver => 'ldap',
|
||||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
|
||||||
use_tls => 'True',
|
use_tls => 'True',
|
||||||
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||||
tls_req_cert => 'demand',
|
tls_req_cert => 'demand',
|
||||||
@ -121,8 +120,7 @@ keystone::ldap_backend { 'domain_2':
|
|||||||
role_allow_create => 'True',
|
role_allow_create => 'True',
|
||||||
role_allow_update => 'True',
|
role_allow_update => 'True',
|
||||||
role_allow_delete => 'True',
|
role_allow_delete => 'True',
|
||||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
identity_driver => 'ldap',
|
||||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
|
||||||
use_tls => 'True',
|
use_tls => 'True',
|
||||||
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||||
tls_req_cert => 'demand',
|
tls_req_cert => 'demand',
|
||||||
|
@ -58,8 +58,7 @@ class { '::keystone:ldap':
|
|||||||
role_allow_create => 'True',
|
role_allow_create => 'True',
|
||||||
role_allow_update => 'True',
|
role_allow_update => 'True',
|
||||||
role_allow_delete => 'True',
|
role_allow_delete => 'True',
|
||||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
identity_driver => 'ldap',
|
||||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
|
||||||
use_tls => 'True',
|
use_tls => 'True',
|
||||||
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||||
tls_req_cert => 'demand',
|
tls_req_cert => 'demand',
|
||||||
|
@ -12,7 +12,7 @@ class { '::keystone::roles::admin':
|
|||||||
# This was tested against a FreeIPA box, you will likely need to change the
|
# This was tested against a FreeIPA box, you will likely need to change the
|
||||||
# attributes to match your configuration.
|
# attributes to match your configuration.
|
||||||
class { '::keystone:ldap':
|
class { '::keystone:ldap':
|
||||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
identity_driver => 'ldap',
|
||||||
url => 'ldap://ldap.example.com:389',
|
url => 'ldap://ldap.example.com:389',
|
||||||
user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
|
user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
|
||||||
password => 'SecretPass',
|
password => 'SecretPass',
|
||||||
|
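Review bot: The example declares `class { '::keystone:ldap':` with a single colon between `keystone` and `ldap`, which is not a valid Puppet class reference and does not name the `keystone::ldap` class that the manifest hunks of this commit modify. Since the line directly below it is being edited, the declaration should be corrected to `class { '::keystone::ldap':` in the same change. The same spelling shows in the hunk header of the previous example file (`@ -58,8 +58,7 @@ class { '::keystone:ldap':`). The resource body continues past the end of this hunk.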
@ -60,12 +60,12 @@
|
|||||||
#
|
#
|
||||||
# [*token_provider*]
|
# [*token_provider*]
|
||||||
# (optional) Format keystone uses for tokens.
|
# (optional) Format keystone uses for tokens.
|
||||||
# Defaults to 'keystone.token.providers.uuid.Provider'
|
# Defaults to 'uuid'
|
||||||
# Supports PKI, PKIZ, Fernet, and UUID.
|
# Supports PKI, PKIZ, Fernet, and UUID.
|
||||||
#
|
#
|
||||||
# [*token_driver*]
|
# [*token_driver*]
|
||||||
# (optional) Driver to use for managing tokens.
|
# (optional) Driver to use for managing tokens.
|
||||||
# Defaults to 'keystone.token.persistence.backends.sql.Token'
|
# Defaults to 'sql'
|
||||||
#
|
#
|
||||||
# [*token_expiration*]
|
# [*token_expiration*]
|
||||||
# (optional) Amount of time a token should remain valid (seconds).
|
# (optional) Amount of time a token should remain valid (seconds).
|
||||||
@ -92,7 +92,7 @@
|
|||||||
# (optional) List of memcache servers as a comma separated string of
|
# (optional) List of memcache servers as a comma separated string of
|
||||||
# 'server:port,server:port' or an array of servers ['server:port',
|
# 'server:port,server:port' or an array of servers ['server:port',
|
||||||
# 'server:port'].
|
# 'server:port'].
|
||||||
# Used with token_driver 'keystone.token.backends.memcache.Token'.
|
# Used with token_driver 'memcache'.
|
||||||
# This configures the memcache/servers for keystone and is used as a default
|
# This configures the memcache/servers for keystone and is used as a default
|
||||||
# for $cache_memcache_servers if it is not specified.
|
# for $cache_memcache_servers if it is not specified.
|
||||||
# Defaults to $::os_service_default
|
# Defaults to $::os_service_default
|
||||||
@ -525,8 +525,8 @@ class keystone(
|
|||||||
$catalog_type = 'sql',
|
$catalog_type = 'sql',
|
||||||
$catalog_driver = false,
|
$catalog_driver = false,
|
||||||
$catalog_template_file = '/etc/keystone/default_catalog.templates',
|
$catalog_template_file = '/etc/keystone/default_catalog.templates',
|
||||||
$token_provider = 'keystone.token.providers.uuid.Provider',
|
$token_provider = 'uuid',
|
||||||
$token_driver = 'keystone.token.persistence.backends.sql.Token',
|
$token_driver = 'sql',
|
||||||
$token_expiration = 3600,
|
$token_expiration = 3600,
|
||||||
$revoke_driver = $::os_service_default,
|
$revoke_driver = $::os_service_default,
|
||||||
$revoke_by_id = true,
|
$revoke_by_id = true,
|
||||||
@ -695,10 +695,6 @@ class keystone(
|
|||||||
'revoke/driver': value => $revoke_driver;
|
'revoke/driver': value => $revoke_driver;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($policy_driver =~ /^keystone\.policy\.backends\..*Policy$/) {
|
|
||||||
warning('policy driver form \'keystone.policy.backends.*Policy\' is deprecated')
|
|
||||||
}
|
|
||||||
|
|
||||||
keystone_config {
|
keystone_config {
|
||||||
'policy/driver': value => $policy_driver;
|
'policy/driver': value => $policy_driver;
|
||||||
}
|
}
|
||||||
@ -762,10 +758,10 @@ class keystone(
|
|||||||
$catalog_driver_real = $catalog_driver
|
$catalog_driver_real = $catalog_driver
|
||||||
}
|
}
|
||||||
elsif ($catalog_type == 'template') {
|
elsif ($catalog_type == 'template') {
|
||||||
$catalog_driver_real = 'keystone.catalog.backends.templated.Catalog'
|
$catalog_driver_real = 'templated'
|
||||||
}
|
}
|
||||||
elsif ($catalog_type == 'sql') {
|
elsif ($catalog_type == 'sql') {
|
||||||
$catalog_driver_real = 'keystone.catalog.backends.sql.Catalog'
|
$catalog_driver_real = 'sql'
|
||||||
}
|
}
|
||||||
|
|
||||||
keystone_config {
|
keystone_config {
|
||||||
|
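Review bot: Dropping the `policy_driver` deprecation warning here, and the `fail()` checks in the `keystone::ldap` and `keystone::ldap_backend` hunks below, leaves no feedback for manifests that still pass the long `keystone.*.backends.*` form. The value appears to be written to keystone.conf unchanged, and going by the commit message keystone then logs the stevedore load failure this change is meant to remove. Consider keeping a warning generalized to every `*_driver` parameter, e.g. `if $policy_driver =~ /^keystone\./ { warning('dotted driver paths are deprecated, use the stevedore short name') }`, with a guard for parameters that can be `undef` or `false`. The `class keystone(` body starts and ends outside these hunks, so a check that already exists elsewhere would not be visible here.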
@ -669,25 +669,6 @@ class keystone::ldap(
|
|||||||
ensure => present,
|
ensure => present,
|
||||||
}
|
}
|
||||||
|
|
||||||
# check for some common driver name mistakes
|
|
||||||
if ($assignment_driver != undef) {
|
|
||||||
if ! ($assignment_driver =~ /^keystone.assignment.backends.*Assignment$/) {
|
|
||||||
fail('assignment driver should be of the form \'keystone.assignment.backends.*Assignment\'')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($identity_driver != undef) {
|
|
||||||
if ! ($identity_driver =~ /^keystone.identity.backends.*Identity$/) {
|
|
||||||
fail('identity driver should be of the form \'keystone.identity.backends.*Identity\'')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($credential_driver != undef) {
|
|
||||||
if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) {
|
|
||||||
fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($tls_cacertdir != undef) {
|
if ($tls_cacertdir != undef) {
|
||||||
file { $tls_cacertdir:
|
file { $tls_cacertdir:
|
||||||
ensure => directory
|
ensure => directory
|
||||||
|
@ -685,25 +685,6 @@ define keystone::ldap_backend(
|
|||||||
require => Package['keystone'],
|
require => Package['keystone'],
|
||||||
})
|
})
|
||||||
|
|
||||||
# check for some common driver name mistakes
|
|
||||||
if ($assignment_driver != undef) {
|
|
||||||
if ! ($assignment_driver =~ /^keystone.assignment.backends.*Assignment$/) {
|
|
||||||
fail('assigment driver should be of the form \'keystone.assignment.backends.*Assignment\'')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($identity_driver != undef) {
|
|
||||||
if ! ($identity_driver =~ /^keystone.identity.backends.*Identity$/) {
|
|
||||||
fail('identity driver should be of the form \'keystone.identity.backends.*Identity\'')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($credential_driver != undef) {
|
|
||||||
if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) {
|
|
||||||
fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($tls_cacertdir != undef) {
|
if ($tls_cacertdir != undef) {
|
||||||
ensure_resource('file', $tls_cacertdir, { ensure => directory })
|
ensure_resource('file', $tls_cacertdir, { ensure => directory })
|
||||||
}
|
}
|
||||||
|
@ -397,16 +397,12 @@ EOC
|
|||||||
keystone::ldap_backend { 'domain_1_ldap_backend':
|
keystone::ldap_backend { 'domain_1_ldap_backend':
|
||||||
url => 'ldap://foo',
|
url => 'ldap://foo',
|
||||||
user => 'cn=foo,dc=example,dc=com',
|
user => 'cn=foo,dc=example,dc=com',
|
||||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
identity_driver => 'ldap',
|
||||||
credential_driver => 'keystone.credential.backends.ldap.Credential',
|
|
||||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment'
|
|
||||||
}
|
}
|
||||||
keystone::ldap_backend { 'domain_2_ldap_backend':
|
keystone::ldap_backend { 'domain_2_ldap_backend':
|
||||||
url => 'ldap://bar',
|
url => 'ldap://bar',
|
||||||
user => 'cn=bar,dc=test,dc=com',
|
user => 'cn=bar,dc=test,dc=com',
|
||||||
identity_driver => 'keystone.identity.backends.ldap.Identity',
|
identity_driver => 'ldap',
|
||||||
credential_driver => 'keystone.credential.backends.ldap.Credential',
|
|
||||||
assignment_driver => 'keystone.assignment.backends.ldap.Assignment'
|
|
||||||
}
|
}
|
||||||
EOM
|
EOM
|
||||||
end
|
end
|
||||||
|
@ -72,9 +72,7 @@ describe 'keystone::ldap' do
|
|||||||
:tls_cacertdir => '/etc/ssl/certs/',
|
:tls_cacertdir => '/etc/ssl/certs/',
|
||||||
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||||
:tls_req_cert => 'demand',
|
:tls_req_cert => 'demand',
|
||||||
:identity_driver => 'keystone.identity.backends.ldap.Identity',
|
:identity_driver => 'ldap',
|
||||||
:credential_driver => 'keystone.credential.backends.ldap.Credential',
|
|
||||||
:assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
|
||||||
:use_pool => 'True',
|
:use_pool => 'True',
|
||||||
:pool_size => 20,
|
:pool_size => 20,
|
||||||
:pool_retry_max => 2,
|
:pool_retry_max => 2,
|
||||||
@ -182,9 +180,7 @@ describe 'keystone::ldap' do
|
|||||||
is_expected.to contain_keystone_config('ldap/auth_pool_connection_lifetime').with_value('200')
|
is_expected.to contain_keystone_config('ldap/auth_pool_connection_lifetime').with_value('200')
|
||||||
|
|
||||||
# drivers
|
# drivers
|
||||||
is_expected.to contain_keystone_config('identity/driver').with_value('keystone.identity.backends.ldap.Identity')
|
is_expected.to contain_keystone_config('identity/driver').with_value('ldap')
|
||||||
is_expected.to contain_keystone_config('credential/driver').with_value('keystone.credential.backends.ldap.Credential')
|
|
||||||
is_expected.to contain_keystone_config('assignment/driver').with_value('keystone.assignment.backends.ldap.Assignment')
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
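Review bot: The `credential/driver` and `assignment/driver` expectations are deleted together with their params rather than replaced, so nothing in this spec covers those two settings any more; the same applies to the `keystone::ldap_backend` spec hunks further down. If `keystone::ldap` still accepts `credential_driver` and `assignment_driver` (the manifest hunk only shows their validation being removed), keep the coverage with short names, for example `:credential_driver => 'sql',` in the params and `is_expected.to contain_keystone_config('credential/driver').with_value('sql')` in the drivers block. If the parameters are meant to go away, an expectation that the keys are no longer set would pin that down. Both `describe` bodies start outside the hunks shown.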
@ -338,7 +338,7 @@ describe 'keystone' do
|
|||||||
{
|
{
|
||||||
'enable_pki_setup' => true,
|
'enable_pki_setup' => true,
|
||||||
'admin_token' => 'service_token',
|
'admin_token' => 'service_token',
|
||||||
'token_provider' => 'keystone.token.providers.pki.Provider'
|
'token_provider' => 'pki'
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -368,7 +368,7 @@ describe 'keystone' do
|
|||||||
let :params do
|
let :params do
|
||||||
{
|
{
|
||||||
'admin_token' => 'service_token',
|
'admin_token' => 'service_token',
|
||||||
'token_provider' => 'keystone.token.providers.uuid.Provider',
|
'token_provider' => 'uuid',
|
||||||
'enable_pki_setup' => false,
|
'enable_pki_setup' => false,
|
||||||
'signing_certfile' => 'signing_certfile',
|
'signing_certfile' => 'signing_certfile',
|
||||||
'signing_keyfile' => 'signing_keyfile',
|
'signing_keyfile' => 'signing_keyfile',
|
||||||
@ -410,7 +410,7 @@ describe 'keystone' do
|
|||||||
let :params do
|
let :params do
|
||||||
{
|
{
|
||||||
'admin_token' => 'service_token',
|
'admin_token' => 'service_token',
|
||||||
'token_provider' => 'keystone.token.providers.pki.Provider',
|
'token_provider' => 'pki',
|
||||||
'enable_pki_setup' => false,
|
'enable_pki_setup' => false,
|
||||||
'signing_certfile' => 'signing_certfile',
|
'signing_certfile' => 'signing_certfile',
|
||||||
'signing_keyfile' => 'signing_keyfile',
|
'signing_keyfile' => 'signing_keyfile',
|
||||||
@ -460,7 +460,7 @@ describe 'keystone' do
|
|||||||
describe 'when configuring catalog driver' do
|
describe 'when configuring catalog driver' do
|
||||||
let :params do
|
let :params do
|
||||||
{ :admin_token => 'service_token',
|
{ :admin_token => 'service_token',
|
||||||
:catalog_driver => 'keystone.catalog.backends.alien.AlienCatalog' }
|
:catalog_driver => 'alien' }
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
|
it { is_expected.to contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
|
||||||
@ -504,7 +504,7 @@ describe 'keystone' do
|
|||||||
{
|
{
|
||||||
'admin_token' => 'service_token',
|
'admin_token' => 'service_token',
|
||||||
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
||||||
'token_driver' => 'keystone.token.backends.memcache.Token',
|
'token_driver' => 'memcache',
|
||||||
'cache_backend' => 'dogpile.cache.memcached',
|
'cache_backend' => 'dogpile.cache.memcached',
|
||||||
'cache_backend_argument' => ['url:SERVER1:12211'],
|
'cache_backend_argument' => ['url:SERVER1:12211'],
|
||||||
'memcache_dead_retry' => '60',
|
'memcache_dead_retry' => '60',
|
||||||
@ -539,7 +539,7 @@ describe 'keystone' do
|
|||||||
{
|
{
|
||||||
'admin_token' => 'service_token',
|
'admin_token' => 'service_token',
|
||||||
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
||||||
'token_driver' => 'keystone.token.backends.memcache.Token',
|
'token_driver' => 'memcache',
|
||||||
'cache_backend' => 'dogpile.cache.memcached',
|
'cache_backend' => 'dogpile.cache.memcached',
|
||||||
'cache_backend_argument' => ['url:SERVER3:12211'],
|
'cache_backend_argument' => ['url:SERVER3:12211'],
|
||||||
'cache_memcache_servers' => [ 'SERVER3:11211', 'SERVER4:11211' ],
|
'cache_memcache_servers' => [ 'SERVER3:11211', 'SERVER4:11211' ],
|
||||||
@ -575,7 +575,7 @@ describe 'keystone' do
|
|||||||
{
|
{
|
||||||
'admin_token' => 'service_token',
|
'admin_token' => 'service_token',
|
||||||
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
|
||||||
'token_driver' => 'keystone.token.backends.memcache.Token',
|
'token_driver' => 'memcache',
|
||||||
'cache_backend' => 'dogpile.cache.memcached',
|
'cache_backend' => 'dogpile.cache.memcached',
|
||||||
'cache_backend_argument' => ['url:SERVER3:12211'],
|
'cache_backend_argument' => ['url:SERVER3:12211'],
|
||||||
'cache_enabled' => false,
|
'cache_enabled' => false,
|
||||||
@ -758,7 +758,7 @@ describe 'keystone' do
|
|||||||
default_params
|
default_params
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.sql.Catalog') }
|
it { is_expected.to contain_keystone_config('catalog/driver').with_value('sql') }
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'setting default template catalog' do
|
describe 'setting default template catalog' do
|
||||||
@ -769,7 +769,7 @@ describe 'keystone' do
|
|||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
|
it { is_expected.to contain_keystone_config('catalog/driver').with_value('templated') }
|
||||||
it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') }
|
it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') }
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -814,7 +814,7 @@ describe 'keystone' do
|
|||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
|
it { is_expected.to contain_keystone_config('catalog/driver').with_value('templated') }
|
||||||
it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
|
it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -81,9 +81,7 @@ describe 'keystone::ldap_backend' do
|
|||||||
:tls_cacertdir => '/etc/ssl/certs/',
|
:tls_cacertdir => '/etc/ssl/certs/',
|
||||||
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
:tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
|
||||||
:tls_req_cert => 'demand',
|
:tls_req_cert => 'demand',
|
||||||
:identity_driver => 'keystone.identity.backends.ldap.Identity',
|
:identity_driver => 'ldap',
|
||||||
:credential_driver => 'keystone.credential.backends.ldap.Credential',
|
|
||||||
:assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
|
|
||||||
:use_pool => 'True',
|
:use_pool => 'True',
|
||||||
:pool_size => 20,
|
:pool_size => 20,
|
||||||
:pool_retry_max => 2,
|
:pool_retry_max => 2,
|
||||||
@ -191,9 +189,7 @@ describe 'keystone::ldap_backend' do
|
|||||||
is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200')
|
is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200')
|
||||||
|
|
||||||
# drivers
|
# drivers
|
||||||
is_expected.to contain_keystone_config('identity/driver').with_value('keystone.identity.backends.ldap.Identity')
|
is_expected.to contain_keystone_config('identity/driver').with_value('ldap')
|
||||||
is_expected.to contain_keystone_config('credential/driver').with_value('keystone.credential.backends.ldap.Credential')
|
|
||||||
is_expected.to contain_keystone_config('assignment/driver').with_value('keystone.assignment.backends.ldap.Assignment')
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|