v3: make sure default domain is created before any other resource

When using Keystone v3 and domains, we need to make sure the default
domain (if its name if not 'Default') is created before any other
domain scoped resource.

By creating a new anchor, we can add the requirement in Keystone types
that need this dependency.
If the default domain name is not modified, the Anchor won't be in the
catalog but it's not an issue when using 'autorequire' in Puppet types.

This patch also change the default domains in acceptance tests, so we
can actually test the feature and make sure resources are created after
having the default domain created.

Change-Id: I2870eaa98f816c92df901ed2fa92e8db89b67656
Closes-bug: #1478037
This commit is contained in:
Emilien Macchi 2015-07-24 14:24:37 -04:00
parent 8f5286557f
commit 50059b6c47
6 changed files with 14 additions and 6 deletions

@ -54,6 +54,6 @@ Puppet::Type.newtype(:keystone_tenant) do
# If there is no keystone config, authentication credentials
# need to come from another source.
autorequire(:anchor) do
['keystone_started']
['keystone_started','default_domain_created']
end
end

@ -102,6 +102,6 @@ Puppet::Type.newtype(:keystone_user) do
# we should not do anything until the keystone service is started
autorequire(:anchor) do
['keystone_started']
['keystone_started','default_domain_created']
end
end

@ -963,6 +963,9 @@ class keystone(
require => File['/etc/keystone/keystone.conf'],
notify => Exec['restart_keystone'],
}
anchor { 'default_domain_created':
require => Keystone_domain[$default_domain],
}
# Update this code when https://bugs.launchpad.net/keystone/+bug/1472285 is addressed.
# 1/ Keystone needs to be started before creating the default domain
# 2/ Once the default domain is created, we can query Keystone to get the default domain ID

@ -42,6 +42,7 @@ describe 'basic keystone server with resources' do
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'admin_token',
enabled => true,
default_domain => 'default_domain',
}
# "v2" admin and service
class { '::keystone::roles::admin':
@ -206,11 +207,11 @@ describe 'basic keystone server with resources' do
end
describe 'with v2 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default'
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name default_domain --os-project-domain-name default_domain'
end
describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name default_domain --os-project-domain-name default_domain'
end
describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',

@ -43,6 +43,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
admin_token => 'admin_token',
enabled => true,
service_name => 'httpd',
default_domain => 'default_domain',
}
include ::apache
class { '::keystone::wsgi::apache':
@ -212,11 +213,11 @@ describe 'keystone server running with Apache/WSGI with resources' do
end
describe 'with v2 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default'
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name default_domain --os-project-domain-name default_domain'
end
describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name default_domain --os-project-domain-name default_domain'
end
describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',

@ -224,6 +224,7 @@ describe 'keystone' do
if param_hash['default_domain']
it { is_expected.to contain_keystone_domain(param_hash['default_domain']).with(:is_default => true) }
it { is_expected.to contain_anchor('default_domain_created') }
end
end
@ -877,6 +878,7 @@ describe 'keystone' do
})
end
it { is_expected.to contain_exec('restart_keystone') }
it { is_expected.to contain_anchor('default_domain_created') }
end
describe 'with default domain and service is not managed' do
let :params do
@ -886,6 +888,7 @@ describe 'keystone' do
})
end
it { is_expected.to_not contain_exec('restart_keystone') }
it { is_expected.to contain_anchor('default_domain_created') }
end
end