diff --git a/manifests/bootstrap.pp b/manifests/bootstrap.pp index 08fe62ba4..1aadd3546 100644 --- a/manifests/bootstrap.pp +++ b/manifests/bootstrap.pp @@ -58,6 +58,10 @@ # (Optional) Whether to run keystone-manage bootstrap command. # Defaults to true # +# [*manage_resources*] +# (Optional) Whether to manage resources created by bootstrap. +# Defaults to true +# class keystone::bootstrap ( String[1] $password, String[1] $username = 'admin', @@ -72,6 +76,7 @@ class keystone::bootstrap ( String[1] $region = 'RegionOne', Enum['public', 'internal', 'admin'] $interface = 'public', Boolean $bootstrap = true, + Boolean $manage_resources = true, ) inherits keystone::params { include keystone::deps @@ -121,7 +126,9 @@ class keystone::bootstrap ( notify => Anchor['keystone::service::begin'], tag => 'keystone-bootstrap', } + } + if $manage_resources { # Since the bootstrap is not guaranteed to execute on each run we # use the below resources to make sure the current resources are # correct so if some value was updated we set that. diff --git a/releasenotes/notes/bootstrap-manage_resources-dbf6cd7fcdd192a5.yaml b/releasenotes/notes/bootstrap-manage_resources-dbf6cd7fcdd192a5.yaml new file mode 100644 index 000000000..8556934de --- /dev/null +++ b/releasenotes/notes/bootstrap-manage_resources-dbf6cd7fcdd192a5.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Added new ``manage_resources`` (default to true) in ``keystone::bootstrap`` + class that can be set to false to not manage resources created by bootstrap. +upgrade: + - | + If you're setting ``bootstrap`` parameter in ``keystone::bootstrap`` class + to false you now also need to set ``manage_resources`` to false to keep the + same behaviour. diff --git a/spec/classes/keystone_bootstrap_spec.rb b/spec/classes/keystone_bootstrap_spec.rb index 24590a9b0..b7ac46c5c 100644 --- a/spec/classes/keystone_bootstrap_spec.rb +++ b/spec/classes/keystone_bootstrap_spec.rb @@ -227,13 +227,13 @@ describe 'keystone::bootstrap' do it { is_expected.to_not contain_exec('keystone bootstrap') } - it { is_expected.to_not contain_keystone_role('admin') } - it { is_expected.to_not contain_keystone_user('admin') } - it { is_expected.to_not contain_keystone_tenant('services') } - it { is_expected.to_not contain_keystone_tenant('admin') } - it { is_expected.to_not contain_keystone_user_role('admin@admin') } - it { is_expected.to_not contain_keystone_service('keystone::identity') } - it { is_expected.to_not contain_keystone_endpoint('RegionOne/keystone::identity') } + it { is_expected.to contain_keystone_role('admin') } + it { is_expected.to contain_keystone_user('admin') } + it { is_expected.to contain_keystone_tenant('services') } + it { is_expected.to contain_keystone_tenant('admin') } + it { is_expected.to contain_keystone_user_role('admin@admin') } + it { is_expected.to contain_keystone_service('keystone::identity') } + it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity') } it { is_expected.to contain_file('/etc/openstack').with( :ensure => 'directory', @@ -276,6 +276,28 @@ describe 'keystone::bootstrap' do it { is_expected.to contain_exec('keystone bootstrap').with_user('some') } end + context 'with bootstrap enabled and manage_resource to false' do + let :params do + { + :bootstrap => false, + :manage_resources => false, + :password => 'secret' + } + end + + it { is_expected.to contain_class('keystone::deps') } + + it { is_expected.to_not contain_exec('keystone bootstrap') } + + it { is_expected.to_not contain_keystone_role('admin') } + it { is_expected.to_not contain_keystone_user('admin') } + it { is_expected.to_not contain_keystone_tenant('services') } + it { is_expected.to_not contain_keystone_tenant('admin') } + it { is_expected.to_not contain_keystone_user_role('admin@admin') } + it { is_expected.to_not contain_keystone_service('keystone::identity') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/keystone::identity') } + end + context 'when setting interface to internal' do let :params do {