openstack/puppet-keystone
Code Issues Proposed changes

Merge "Add association of the admin user to a domain."

Browse Source
This commit is contained in:
Jenkins 2016-06-23 18:30:49 +00:00 committed by Gerrit Code Review
commit 3bdfb786d9
3 changed files with 45 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
manifests/roles/admin.pp
View File

@ -53,6 +53,11 @@
# Optional. Domain of the admin user # Optional. Domain of the admin user
# Defaults to undef (undef will resolve to class keystone $default_domain) # Defaults to undef (undef will resolve to class keystone $default_domain)
# #
# [*target_admin_domain*]
# Optional. Domain where the admin user will have the $admin_role
# Defaults to undef (undef will not associate the $admin_role to any
# domain, only project)
#
# [*admin_project_domain*] # [*admin_project_domain*]
# Optional. Domain of the admin tenant # Optional. Domain of the admin tenant
# Defaults to undef (undef will resolve to class keystone $default_domain) # Defaults to undef (undef will resolve to class keystone $default_domain)
@ -85,11 +90,12 @@ class keystone::roles::admin(
$admin_user_domain = undef, $admin_user_domain = undef,
$admin_project_domain = undef, $admin_project_domain = undef,
$service_project_domain = undef, $service_project_domain = undef,
$target_admin_domain = undef,
) { ) {
include ::keystone::deps include ::keystone::deps
$domains = unique(delete_undef_values([ $admin_user_domain, $admin_project_domain, $service_project_domain])) $domains = unique(delete_undef_values([ $admin_user_domain, $admin_project_domain, $service_project_domain, $target_admin_domain]))
keystone_domain { $domains: keystone_domain { $domains:
ensure => present, ensure => present,
enabled => true, enabled => true,
@ -133,6 +139,15 @@ class keystone::roles::admin(
Keystone_tenant[$admin_tenant] -> Keystone_user_role["${admin}@${admin_tenant}"] Keystone_tenant[$admin_tenant] -> Keystone_user_role["${admin}@${admin_tenant}"]
Keystone_user<| title == $admin |> -> Keystone_user_role["${admin}@${admin_tenant}"] Keystone_user<| title == $admin |> -> Keystone_user_role["${admin}@${admin_tenant}"]
Keystone_user_role["${admin}@${admin_tenant}"] -> File<| tag == 'openrc' |> Keystone_user_role["${admin}@${admin_tenant}"] -> File<| tag == 'openrc' |>
if $target_admin_domain {
keystone_user_role { "${admin}@::${target_admin_domain}":
ensure => present,
user_domain => $admin_user_domain,
roles => $admin_roles,
}
Keystone_user_role["${admin}@::${target_admin_domain}"] -> File<| tag == 'openrc' |>
}
} }
} }

6
releasenotes/notes/add_target_admin_domain-272f97b06e476495.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- Implement `bug 1589933
<https://bugs.launchpad.net/puppet-keystone/+bug/1589933>`__ so now
one associate the admin to admin_role for an entire domain if it
uses the target_admin_domain parameter in the auth.pp class.

24
spec/classes/keystone_roles_admin_spec.rb
View File

@ -192,5 +192,27 @@ describe 'keystone::roles::admin' do
} }
end end
it { is_expected.to contain_keystone_domain('admin_domain') } it { is_expected.to contain_keystone_domain('admin_domain') }
end end
describe 'when specifying a target admin domain' do
let :params do
{
:email => 'foo@bar',
:password => 'ChangeMe',
:admin_user_domain => 'admin_domain',
:admin_project_domain => 'admin_domain',
:target_admin_domain => 'admin_domain_target'
}
end
let(:pre_condition) { 'file { "/root/openrc": tag => ["openrc"]}' }
it { is_expected.to contain_keystone_domain('admin_domain_target') }
it { is_expected.to contain_keystone_user_role('admin@::admin_domain_target')
.with(
:roles => ['admin'],
:ensure => 'present',
:user_domain => 'admin_domain',
)
.that_comes_before('File[/root/openrc]')
}
end
end end