v3: make sure default domain is created before any other resource
When using Keystone v3 and domains, we need to make sure the default domain (if its name if not 'Default') is created before any other domain scoped resource. By creating a new anchor, we can add the requirement in Keystone types that need this dependency. If the default domain name is not modified, the Anchor won't be in the catalog but it's not an issue when using 'autorequire' in Puppet types. This patch also change the default domains in acceptance tests, so we can actually test the feature and make sure resources are created after having the default domain created. Change-Id: I2870eaa98f816c92df901ed2fa92e8db89b67656 Closes-bug: #1478037
This commit is contained in:
parent
8f5286557f
commit
50059b6c47
lib/puppet/type
manifests
spec
@ -54,6 +54,6 @@ Puppet::Type.newtype(:keystone_tenant) do
|
||||
# If there is no keystone config, authentication credentials
|
||||
# need to come from another source.
|
||||
autorequire(:anchor) do
|
||||
['keystone_started']
|
||||
['keystone_started','default_domain_created']
|
||||
end
|
||||
end
|
||||
|
@ -102,6 +102,6 @@ Puppet::Type.newtype(:keystone_user) do
|
||||
|
||||
# we should not do anything until the keystone service is started
|
||||
autorequire(:anchor) do
|
||||
['keystone_started']
|
||||
['keystone_started','default_domain_created']
|
||||
end
|
||||
end
|
||||
|
@ -963,6 +963,9 @@ class keystone(
|
||||
require => File['/etc/keystone/keystone.conf'],
|
||||
notify => Exec['restart_keystone'],
|
||||
}
|
||||
anchor { 'default_domain_created':
|
||||
require => Keystone_domain[$default_domain],
|
||||
}
|
||||
# Update this code when https://bugs.launchpad.net/keystone/+bug/1472285 is addressed.
|
||||
# 1/ Keystone needs to be started before creating the default domain
|
||||
# 2/ Once the default domain is created, we can query Keystone to get the default domain ID
|
||||
|
@ -42,6 +42,7 @@ describe 'basic keystone server with resources' do
|
||||
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
|
||||
admin_token => 'admin_token',
|
||||
enabled => true,
|
||||
default_domain => 'default_domain',
|
||||
}
|
||||
# "v2" admin and service
|
||||
class { '::keystone::roles::admin':
|
||||
@ -206,11 +207,11 @@ describe 'basic keystone server with resources' do
|
||||
end
|
||||
describe 'with v2 admin with v3 credentials' do
|
||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default'
|
||||
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name default_domain --os-project-domain-name default_domain'
|
||||
end
|
||||
describe "with v2 service with v3 credentials" do
|
||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
||||
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name default_domain --os-project-domain-name default_domain'
|
||||
end
|
||||
describe 'with v3 admin with v3 credentials' do
|
||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||
|
@ -43,6 +43,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||
admin_token => 'admin_token',
|
||||
enabled => true,
|
||||
service_name => 'httpd',
|
||||
default_domain => 'default_domain',
|
||||
}
|
||||
include ::apache
|
||||
class { '::keystone::wsgi::apache':
|
||||
@ -212,11 +213,11 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||
end
|
||||
describe 'with v2 admin with v3 credentials' do
|
||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default'
|
||||
'--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name default_domain --os-project-domain-name default_domain'
|
||||
end
|
||||
describe "with v2 service with v3 credentials" do
|
||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
||||
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name default_domain --os-project-domain-name default_domain'
|
||||
end
|
||||
describe 'with v3 admin with v3 credentials' do
|
||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||
|
@ -224,6 +224,7 @@ describe 'keystone' do
|
||||
|
||||
if param_hash['default_domain']
|
||||
it { is_expected.to contain_keystone_domain(param_hash['default_domain']).with(:is_default => true) }
|
||||
it { is_expected.to contain_anchor('default_domain_created') }
|
||||
end
|
||||
end
|
||||
|
||||
@ -877,6 +878,7 @@ describe 'keystone' do
|
||||
})
|
||||
end
|
||||
it { is_expected.to contain_exec('restart_keystone') }
|
||||
it { is_expected.to contain_anchor('default_domain_created') }
|
||||
end
|
||||
describe 'with default domain and service is not managed' do
|
||||
let :params do
|
||||
@ -886,6 +888,7 @@ describe 'keystone' do
|
||||
})
|
||||
end
|
||||
it { is_expected.to_not contain_exec('restart_keystone') }
|
||||
it { is_expected.to contain_anchor('default_domain_created') }
|
||||
end
|
||||
end
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user