Merge "Simplify validations of domain specific backends"

Zuul
2023-05-17 16:06:00 +00:00
committed by Gerrit Code Review
3 changed files with 26 additions and 70 deletions


@@ -709,12 +709,6 @@ class keystone(
if $using_domain_config { if $using_domain_config {
validate_legacy(Stdlib::Compat::Absolute_path, 'validate_absolute_path', $domain_config_directory) validate_legacy(Stdlib::Compat::Absolute_path, 'validate_absolute_path', $domain_config_directory)
# Better than ensure resource. We don't want to conflict with any
# user definition even if they don't match exactly our parameters.
# The error catching mechanism in the provider will remind them if
# they did something silly, like defining a file rather than a
# directory. For the permission it's their choice.
if (!defined(File[$domain_config_directory])) {
file { $domain_config_directory: file { $domain_config_directory:
ensure => directory, ensure => directory,
owner => $keystone_user, owner => $keystone_user,
@@ -722,22 +716,14 @@ class keystone(
mode => '0750', mode => '0750',
require => Anchor['keystone::install::end'], require => Anchor['keystone::install::end'],
} }
if $manage_service { if $manage_service {
File[$domain_config_directory] ~> Service[$service_name] File[$domain_config_directory] ~> Service[$service_name]
} }
}
# Here we want the creation to fail if the user has created those keystone_config {
# resources with different values. That means that the user 'identity/domain_specific_drivers_enabled': value => true;
# wrongly uses using_domain_config parameter. 'identity/domain_config_dir': value => $domain_config_directory;
ensure_resource( }
'keystone_config',
'identity/domain_specific_drivers_enabled',
{'value' => true}
)
ensure_resource(
'keystone_config',
'identity/domain_config_dir',
{'value' => $domain_config_directory}
)
} }
} }
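Review bot: The `file { $domain_config_directory: ... }` resource is no longer wrapped in `if (!defined(File[$domain_config_directory]))`, so a catalog that declares this directory itself will presumably now fail with a duplicate declaration instead of keeping the user's definition. Enforcing the module's owner and `mode => '0750'` is the safer result for a directory whose per-domain files can hold LDAP bind credentials, but the change in behaviour should be stated where it happens, e.g. `# Managed only here; do not declare File[$domain_config_directory] elsewhere.` above the resource, and mentioned in an upgrade note. The same applies to the two `keystone_config` entries that replace `ensure_resource`, which tolerated an identical earlier declaration. The body of `class keystone` starts and ends outside these hunks.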


@@ -305,25 +305,12 @@ define keystone::ldap_backend(
validate_legacy(Boolean, 'validate_bool', $manage_packages) validate_legacy(Boolean, 'validate_bool', $manage_packages)
validate_legacy(Boolean, 'validate_bool', $create_domain_entry) validate_legacy(Boolean, 'validate_bool', $create_domain_entry)
$domain_enabled = getparam(Keystone_config['identity/domain_specific_drivers_enabled'], 'value') if !defined(Class[keystone]) {
$domain_dir_enabled = getparam(Keystone_config['identity/domain_config_dir'], 'value') fail('The keystone class should be included before this class')
$err_msg = "You should add \"using_domain_config => true\" parameter to your Keystone class, \
got \"${domain_enabled}\" for identity/domain_specific_drivers_enabled \
and \"${domain_dir_enabled}\" for identity/domain_config_dir"
if(bool2num($domain_enabled) == 0) {
fail($err_msg)
} }
validate_legacy(Pattern[/^\/.+/], 'validate_re', $domain_dir_enabled, [$err_msg]) if ! $::keystone::using_domain_config {
fail('Domain specific drivers are not enabled. Set keystone::using_domain_config to true.')
if (!defined(File[$domain_dir_enabled])) {
ensure_resource('file', $domain_dir_enabled, {
ensure => directory,
owner => $::keystone::params::user,
group => $::keystone::params::group,
mode => '0750',
})
} }
$domain = $name $domain = $name
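Review bot: The new `if !defined(Class[keystone])` guard is evaluation-order dependent, because `defined()` only sees what has been evaluated by that point, and its failure text calls `keystone::ldap_backend` a class although the hunk header shows it is a define. A one-line comment stating the ordering requirement would help, and the message could read `fail('The keystone class must be declared before any keystone::ldap_backend resource')`. Quoting the reference as `Class['keystone']` would follow the usual resource-reference style. The body of the define continues outside the hunk, so how the domain directory is consumed afterwards is not visible here.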


@@ -7,14 +7,9 @@ describe 'keystone::ldap_backend' do
let(:title) { 'Default' } let(:title) { 'Default' }
let(:pre_condition) do let(:pre_condition) do
<<-EOM <<-EOM
exec { 'restart_keystone': class { 'keystone':
path => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'], using_domain_config => true
command => "service ${service_name_real} restart",
refreshonly => true,
} }
keystone_config {'identity/domain_specific_drivers_enabled': value => true}
keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
file {'/etc/keystone/keystone.conf': ensure => present }
EOM EOM
end end
@@ -170,9 +165,9 @@ describe 'keystone::ldap_backend' do
end end
let(:pre_condition) do let(:pre_condition) do
<<-EOM <<-EOM
keystone_config {'identity/domain_specific_drivers_enabled': value => true} class { 'keystone':
keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} using_domain_config => true
file {'/etc/keystone/keystone.conf': ensure => present } }
EOM EOM
end end
it 'should use the domain from the title' do it 'should use the domain from the title' do
@@ -183,22 +178,10 @@ describe 'keystone::ldap_backend' do
context 'checks' do context 'checks' do
let(:title) { 'domain' } let(:title) { 'domain' }
context 'Missing identity/domain_specific_drivers_enabled' do context 'with domain specific drivers disabled' do
let(:pre_condition) do let(:pre_condition) do
<<-EOM <<-EOM
keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} class { 'keystone': }
file {'/etc/keystone/keystone.conf': ensure => present }
EOM
end
it { should raise_error(Puppet::Error) }
end
context 'Missing identity/domain_config_dir' do
let(:pre_condition) do
<<-EOM
keystone_config {'identity/domain_specific_drivers_enabled': value => true}
file {'/etc/keystone/keystone.conf': ensure => present }
EOM EOM
end end