openstack
/
puppet-keystone
Code Issues Proposed changes

service_identity: Allow omitting internal/admin endpoints 

Keystone v3 API no longer requires all the three endpoint types are
created and some deployments may use only public endpoints (or public
and internal endpoints).

This looses the validation to allow such deployment architecture.

Change-Id: I3873352dd3ea8556fbaa4ce3c558a912cc5f52e7
This commit is contained in:
Takashi Kajinami 2024-02-26 11:43:35 +09:00
parent a94f767c0a
commit 2cc59127e4
5 changed files with 46 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/puppet/provider/keystone_endpoint/openstack.rb
View File

@ -41,7 +41,7 @@ Puppet::Type.type(:keystone_endpoint).provide(
s_id = service_id s_id = service_id
created = false created = false
[:admin_url, :internal_url, :public_url].each do |scope| [:admin_url, :internal_url, :public_url].each do |scope|
if resource[scope] if resource[scope] and !resource[scope].empty?
created = true created = true
ids << endpoint_create(s_id, region, scope.to_s.sub(/_url$/, ''), ids << endpoint_create(s_id, region, scope.to_s.sub(/_url$/, ''),
resource[scope])[:id] resource[scope])[:id]
@ -146,7 +146,7 @@ Puppet::Type.type(:keystone_endpoint).provide(
scopes = [:admin_url, :internal_url, :public_url] scopes = [:admin_url, :internal_url, :public_url]
ids = Hash[scopes.zip(property_hash[:id].split(','))] ids = Hash[scopes.zip(property_hash[:id].split(','))]
scopes.each do |scope| scopes.each do |scope|
if property_flush[scope] if property_flush[scope] and !property_flush[scope].empty?
if ids[scope].nil? || ids[scope].empty? if ids[scope].nil? || ids[scope].empty?
ids[scope] = endpoint_create(service_id, resource[:region], ids[scope] = endpoint_create(service_id, resource[:region],
scope.to_s.sub(/_url$/, ''), scope.to_s.sub(/_url$/, ''),

35
manifests/resource/service_identity.pp
View File

@ -148,7 +148,7 @@ define keystone::resource::service_identity(
if $configure_user { if $configure_user {
['password', 'auth_name', 'email'].each |String $userprop| { ['password', 'auth_name', 'email'].each |String $userprop| {
if getvar($userprop) == undef { if getvar($userprop) == undef {
fail("The ${userprop} parameter is required when configuring a user.") fail("The ${userprop} parameter is required to configure a user.")
} }
} }
@ -201,29 +201,28 @@ define keystone::resource::service_identity(
} }
if $configure_service { if $configure_service {
if $service_type { if ! $service_type {
ensure_resource('keystone_service', "${service_name}::${service_type}", { fail('The service_type parameter is required to configure a service.')
'ensure' => $ensure,
'description' => $service_description,
})
} else {
fail ('When configuring a service, you need to set the service_type parameter.')
} }
ensure_resource('keystone_service', "${service_name}::${service_type}", {
'ensure' => $ensure,
'description' => $service_description,
})
} }
if $configure_endpoint { if $configure_endpoint {
if ! $service_type { if ! $service_type {
fail('When configuring an endpoint, you need to set the service_type parameter.') fail('The service_type parameter is required to configure a service.')
} }
if $public_url and $admin_url and $internal_url { if ! $public_url {
ensure_resource('keystone_endpoint', "${region}/${service_name}::${service_type}", { fail('The public_url parameter is required to configure endpoints.')
'ensure' => $ensure,
'public_url' => $public_url,
'admin_url' => $admin_url,
'internal_url' => $internal_url,
})
} else {
fail ('When configuring an endpoint, you need to set the _url parameters.')
} }
ensure_resource('keystone_endpoint', "${region}/${service_name}::${service_type}", {
'ensure' => $ensure,
'public_url' => $public_url,
'admin_url' => $admin_url,
'internal_url' => $internal_url,
})
} }
} }

24
spec/acceptance/10_basic_keystone_spec.rb
View File

@ -84,6 +84,27 @@ describe 'keystone server running with Apache/WSGI with resources' do
admin_url => 'http://127.0.0.1:1234/v3', admin_url => 'http://127.0.0.1:1234/v3',
internal_url => 'http://127.0.0.1:1234/v3', internal_url => 'http://127.0.0.1:1234/v3',
} }
keystone::resource::service_identity { 'civ3public':
service_type => 'civ3public',
service_description => 'civ3public service',
service_name => 'civ3public',
password => 'secret',
tenant => 'servicesv3',
public_url => 'http://127.0.0.1:1234/v3',
user_domain => 'service_domain',
project_domain => 'service_domain',
}
keystone::resource::service_identity { 'civ3noadmin':
service_type => 'civ3noadmin',
service_description => 'civ3noadmin service',
service_name => 'civ3noadmin',
password => 'secret',
tenant => 'servicesv3',
public_url => 'http://127.0.0.1:1234/v3',
internal_url => 'http://127.0.0.1:1234/v3',
user_domain => 'service_domain',
project_domain => 'service_domain',
}
EOS EOS
# Run it twice and test for idempotency # Run it twice and test for idempotency
@ -152,6 +173,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
'--os-username civ3alt --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain' '--os-username civ3alt --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end end
end end
describe 'composite namevar quick test' do describe 'composite namevar quick test' do
context 'similar resources different naming' do context 'similar resources different naming' do
let(:pp) do let(:pp) do
@ -180,6 +202,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
end end
end end
end end
describe 'composite namevar for keystone_service' do describe 'composite namevar for keystone_service' do
let(:pp) do let(:pp) do
<<-EOM <<-EOM
@ -218,6 +241,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
apply_manifest(pp, :catch_failures => true) apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true) apply_manifest(pp, :catch_changes => true)
end end
describe 'puppet service are created' do describe 'puppet service are created' do
it 'for service' do it 'for service' do
command('puppet resource keystone_service') do |result| command('puppet resource keystone_service') do |result|

2
spec/defines/keystone_resource_service_identity_spec.rb
View File

@ -136,7 +136,7 @@ describe 'keystone::resource::service_identity' do
it { is_expected.to raise_error(Puppet::Error) } it { is_expected.to raise_error(Puppet::Error) }
end end
context 'when trying to create an endpoint without url' do context 'when trying to create an endpoint without public_url' do
let :params do let :params do
required_params.delete(:public_url) required_params.delete(:public_url)
required_params required_params

4
spec/unit/provider/keystone_endpoint/openstack_spec.rb
View File

@ -303,7 +303,7 @@ url="http://127.0.0.1:5001"
) )
expect(provider).to receive(:property_flush) expect(provider).to receive(:property_flush)
.exactly(5).times .exactly(6).times
.and_return({:admin_url => 'http://127.0.0.1:4999'}) .and_return({:admin_url => 'http://127.0.0.1:4999'})
expect(provider).to receive(:property_hash) expect(provider).to receive(:property_hash)
.exactly(2).times .exactly(2).times
@ -322,7 +322,7 @@ url="http://127.0.0.1:5001"
.with('endpoint', 'set', .with('endpoint', 'set',
['endpoint1_id', '--url=http://127.0.0.1:4999']) ['endpoint1_id', '--url=http://127.0.0.1:4999'])
expect(provider).to receive(:property_flush) expect(provider).to receive(:property_flush)
.exactly(4).times .exactly(5).times
.and_return({:admin_url => 'http://127.0.0.1:4999'}) .and_return({:admin_url => 'http://127.0.0.1:4999'})
expect(provider).to receive(:property_hash) expect(provider).to receive(:property_hash)
.exactly(2).times .exactly(2).times