Merge "Simplify validations of domain specific backends"

manifests/init.pp

@@ -709,35 +709,21 @@ class keystone(
   if $using_domain_config {
     validate_legacy(Stdlib::Compat::Absolute_path, 'validate_absolute_path', $domain_config_directory)
 
-    # Better than ensure resource.  We don't want to conflict with any
+    file { $domain_config_directory:
-    # user definition even if they don't match exactly our parameters.
+      ensure  => directory,
-    # The error catching mechanism in the provider will remind them if
+      owner   => $keystone_user,
-    # they did something silly, like defining a file rather than a
+      group   => $keystone_group,
-    # directory.  For the permission it's their choice.
+      mode    => '0750',
-    if (!defined(File[$domain_config_directory])) {
+      require => Anchor['keystone::install::end'],
-      file { $domain_config_directory:
+    }
-        ensure  => directory,
+
-        owner   => $keystone_user,
+    if $manage_service {
-        group   => $keystone_group,
+      File[$domain_config_directory] ~> Service[$service_name]
-        mode    => '0750',
+    }
-        require => Anchor['keystone::install::end'],
+
-      }
+    keystone_config {
-      if $manage_service {
+      'identity/domain_specific_drivers_enabled': value => true;
-        File[$domain_config_directory] ~> Service[$service_name]
+      'identity/domain_config_dir':               value => $domain_config_directory;
-      }
     }
-    # Here we want the creation to fail if the user has created those
-    # resources with different values. That means that the user
-    # wrongly uses using_domain_config parameter.
-    ensure_resource(
-      'keystone_config',
-      'identity/domain_specific_drivers_enabled',
-      {'value' => true}
-    )
-    ensure_resource(
-      'keystone_config',
-      'identity/domain_config_dir',
-      {'value' => $domain_config_directory}
-    )
   }
 }

manifests/ldap_backend.pp

@@ -305,25 +305,12 @@ define keystone::ldap_backend(
   validate_legacy(Boolean, 'validate_bool', $manage_packages)
   validate_legacy(Boolean, 'validate_bool', $create_domain_entry)
 
-  $domain_enabled = getparam(Keystone_config['identity/domain_specific_drivers_enabled'], 'value')
+  if !defined(Class[keystone]) {
-  $domain_dir_enabled = getparam(Keystone_config['identity/domain_config_dir'], 'value')
+    fail('The keystone class should be included before this class')
-  $err_msg = "You should add \"using_domain_config => true\" parameter to your Keystone class, \
-got \"${domain_enabled}\" for identity/domain_specific_drivers_enabled \
-and \"${domain_dir_enabled}\" for identity/domain_config_dir"
-
-  if(bool2num($domain_enabled) == 0) {
-    fail($err_msg)
   }
 
-  validate_legacy(Pattern[/^\/.+/], 'validate_re', $domain_dir_enabled, [$err_msg])
+  if ! $::keystone::using_domain_config {
-
+    fail('Domain specific drivers are not enabled. Set keystone::using_domain_config to true.')
-  if (!defined(File[$domain_dir_enabled])) {
-    ensure_resource('file', $domain_dir_enabled, {
-      ensure  => directory,
-      owner   => $::keystone::params::user,
-      group   => $::keystone::params::group,
-      mode    => '0750',
-    })
   }
 
   $domain = $name

spec/defines/keystone_ldap_backend_spec.rb

@@ -7,14 +7,9 @@ describe 'keystone::ldap_backend' do
       let(:title) { 'Default' }
       let(:pre_condition) do
         <<-EOM
-        exec { 'restart_keystone':
+        class { 'keystone':
-          path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'],
+          using_domain_config => true
-          command     => "service ${service_name_real} restart",
-          refreshonly => true,
         }
-        keystone_config {'identity/domain_specific_drivers_enabled': value => true}
-        keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
-        file {'/etc/keystone/keystone.conf': ensure => present }
         EOM
       end
 
@@ -170,9 +165,9 @@ describe 'keystone::ldap_backend' do
       end
       let(:pre_condition) do
         <<-EOM
-        keystone_config {'identity/domain_specific_drivers_enabled': value => true}
+        class { 'keystone':
-        keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
+          using_domain_config => true
-        file {'/etc/keystone/keystone.conf': ensure => present }
+        }
         EOM
       end
       it 'should use the domain from the title' do
@@ -183,22 +178,10 @@ describe 'keystone::ldap_backend' do
 
     context 'checks' do
       let(:title) { 'domain' }
-      context 'Missing identity/domain_specific_drivers_enabled' do
+      context 'with domain specific drivers disabled' do
         let(:pre_condition) do
         <<-EOM
-        keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
+        class { 'keystone': }
-        file {'/etc/keystone/keystone.conf': ensure => present }
-        EOM
-        end
-
-        it { should raise_error(Puppet::Error) }
-      end
-
-      context 'Missing identity/domain_config_dir' do
-        let(:pre_condition) do
-        <<-EOM
-        keystone_config {'identity/domain_specific_drivers_enabled': value => true}
-        file {'/etc/keystone/keystone.conf': ensure => present }
         EOM
         end