New option replace_password for keystone_user
Adds a new option replace_password, which defaults to 'True' for all keystone_user objects, that has the effect of enforcing the password of a given keystone_user. If this is disabled, the user may change his or her password at a later time and not be reset by the keystone Puppet module. Ported from CID: I4bd59f233273374545953f16c7843488148096d6 Change-Id: Ib61128556fed816916af944ed7576e916081da07 Closes-Bug: #1400798
This commit is contained in:
parent
4f684b24db
commit
6db9a52cde
@ -62,6 +62,8 @@ Puppet::Type.type(:keystone_user).provide(
|
||||
return nil if resource[:password] == nil
|
||||
# if the user is disabled then the password can't be changed
|
||||
return resource[:password] if resource[:enabled] == :false
|
||||
# if replacing password is disabled, then don't change it
|
||||
return resource[:password] if resource[:replace_password] == :false
|
||||
# we can't get the value of the password but we can test to see if the one we know
|
||||
# about works, if it doesn't then return nil, causing it to be reset
|
||||
endpoint = nil
|
||||
@ -157,6 +159,14 @@ Puppet::Type.type(:keystone_user).provide(
|
||||
end
|
||||
end
|
||||
|
||||
def replace_password
|
||||
instance(resource[:name])[:replace_password]
|
||||
end
|
||||
|
||||
def replace_password=(value)
|
||||
@property_flush[:replace_password] = value
|
||||
end
|
||||
|
||||
def email=(value)
|
||||
@property_flush[:email] = value
|
||||
end
|
||||
|
@ -61,6 +61,14 @@ Puppet::Type.newtype(:keystone_user) do
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:replace_password) do
|
||||
newvalues(/(t|T)rue/, /(f|F)alse/, true, false)
|
||||
defaultto(true)
|
||||
munge do |value|
|
||||
value.to_s.downcase.to_sym
|
||||
end
|
||||
end
|
||||
|
||||
autorequire(:keystone_tenant) do
|
||||
self[:tenant]
|
||||
end
|
||||
|
@ -250,5 +250,39 @@ username="foo"
|
||||
password = provider.password
|
||||
expect(password).to eq(nil)
|
||||
end
|
||||
|
||||
describe 'when updating a user with unmanaged password' do
|
||||
|
||||
let(:user_attrs) do
|
||||
{
|
||||
:name => 'foo',
|
||||
:ensure => 'present',
|
||||
:enabled => 'True',
|
||||
:password => 'foo',
|
||||
:replace_password => 'False',
|
||||
:tenant => 'foo',
|
||||
:email => 'foo@example.com',
|
||||
:auth => {
|
||||
'username' => 'test',
|
||||
'password' => 'abc123',
|
||||
'tenant_name' => 'foo',
|
||||
'auth_url' => 'http://127.0.0.1:5000/v2.0',
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
let(:resource) do
|
||||
Puppet::Type::Keystone_user.new(user_attrs)
|
||||
end
|
||||
|
||||
let :provider do
|
||||
provider_class.new(resource)
|
||||
end
|
||||
|
||||
it 'should not try to check password' do
|
||||
expect(provider.password).to eq('foo')
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
Loading…
x
Reference in New Issue
Block a user