openstack/puppet-keystone
Code Issues Proposed changes

service_identity: Allow omitting internal/admin endpoints

Browse Source 
Keystone v3 API no longer requires all the three endpoint types are
created and some deployments may use only public endpoints (or public
and internal endpoints).

This looses the validation to allow such deployment architecture.

Change-Id: I3873352dd3ea8556fbaa4ce3c558a912cc5f52e7
This commit is contained in:
Takashi Kajinami 2024-02-26 11:43:35 +09:00
parent a94f767c0a
commit 2cc59127e4
5 changed files with 46 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/puppet/provider/keystone_endpoint/openstack.rb
View File

@ -41,7 +41,7 @@ Puppet::Type.type(:keystone_endpoint).provide(
s_id = service_id
created = false
[:admin_url, :internal_url, :public_url].each do |scope|
if resource[scope]
if resource[scope] and !resource[scope].empty?
created = true
ids << endpoint_create(s_id, region, scope.to_s.sub(/_url$/, ''),
resource[scope])[:id]
@ -146,7 +146,7 @@ Puppet::Type.type(:keystone_endpoint).provide(
scopes = [:admin_url, :internal_url, :public_url]
ids = Hash[scopes.zip(property_hash[:id].split(','))]
scopes.each do |scope|
if property_flush[scope]
if property_flush[scope] and !property_flush[scope].empty?
if ids[scope].nil? || ids[scope].empty?
ids[scope] = endpoint_create(service_id, resource[:region],
scope.to_s.sub(/_url$/, ''),

19
manifests/resource/service_identity.pp
View File

@ -148,7 +148,7 @@ define keystone::resource::service_identity(
if $configure_user {
['password', 'auth_name', 'email'].each |String $userprop| {
if getvar($userprop) == undef {
fail("The ${userprop} parameter is required when configuring a user.")
fail("The ${userprop} parameter is required to configure a user.")
}
}
@ -201,29 +201,28 @@ define keystone::resource::service_identity(
}
if $configure_service {
if $service_type {
if ! $service_type {
fail('The service_type parameter is required to configure a service.')
}
ensure_resource('keystone_service', "${service_name}::${service_type}", {
'ensure' => $ensure,
'description' => $service_description,
})
} else {
fail ('When configuring a service, you need to set the service_type parameter.')
}
}
if $configure_endpoint {
if ! $service_type {
fail('When configuring an endpoint, you need to set the service_type parameter.')
fail('The service_type parameter is required to configure a service.')
}
if ! $public_url {
fail('The public_url parameter is required to configure endpoints.')
}
if $public_url and $admin_url and $internal_url {
ensure_resource('keystone_endpoint', "${region}/${service_name}::${service_type}", {
'ensure' => $ensure,
'public_url' => $public_url,
'admin_url' => $admin_url,
'internal_url' => $internal_url,
})
} else {
fail ('When configuring an endpoint, you need to set the _url parameters.')
}
}
}

24
spec/acceptance/10_basic_keystone_spec.rb
View File

@ -84,6 +84,27 @@ describe 'keystone server running with Apache/WSGI with resources' do
admin_url => 'http://127.0.0.1:1234/v3',
internal_url => 'http://127.0.0.1:1234/v3',
}
keystone::resource::service_identity { 'civ3public':
service_type => 'civ3public',
service_description => 'civ3public service',
service_name => 'civ3public',
password => 'secret',
tenant => 'servicesv3',
public_url => 'http://127.0.0.1:1234/v3',
user_domain => 'service_domain',
project_domain => 'service_domain',
}
keystone::resource::service_identity { 'civ3noadmin':
service_type => 'civ3noadmin',
service_description => 'civ3noadmin service',
service_name => 'civ3noadmin',
password => 'secret',
tenant => 'servicesv3',
public_url => 'http://127.0.0.1:1234/v3',
internal_url => 'http://127.0.0.1:1234/v3',
user_domain => 'service_domain',
project_domain => 'service_domain',
}
EOS
# Run it twice and test for idempotency
@ -152,6 +173,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
'--os-username civ3alt --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end
end
describe 'composite namevar quick test' do
context 'similar resources different naming' do
let(:pp) do
@ -180,6 +202,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
end
end
end
describe 'composite namevar for keystone_service' do
let(:pp) do
<<-EOM
@ -218,6 +241,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
describe 'puppet service are created' do
it 'for service' do
command('puppet resource keystone_service') do |result|

2
spec/defines/keystone_resource_service_identity_spec.rb
View File

@ -136,7 +136,7 @@ describe 'keystone::resource::service_identity' do
it { is_expected.to raise_error(Puppet::Error) }
end
context 'when trying to create an endpoint without url' do
context 'when trying to create an endpoint without public_url' do
let :params do
required_params.delete(:public_url)
required_params

4
spec/unit/provider/keystone_endpoint/openstack_spec.rb
View File

@ -303,7 +303,7 @@ url="http://127.0.0.1:5001"
)
expect(provider).to receive(:property_flush)
.exactly(5).times
.exactly(6).times
.and_return({:admin_url => 'http://127.0.0.1:4999'})
expect(provider).to receive(:property_hash)
.exactly(2).times
@ -322,7 +322,7 @@ url="http://127.0.0.1:5001"
.with('endpoint', 'set',
['endpoint1_id', '--url=http://127.0.0.1:4999'])
expect(provider).to receive(:property_flush)
.exactly(4).times
.exactly(5).times
.and_return({:admin_url => 'http://127.0.0.1:4999'})
expect(provider).to receive(:property_hash)
.exactly(2).times