Merge "Add manage_resources param to keystone::bootstrap"

manifests/bootstrap.pp

@@ -58,6 +58,10 @@
 #   (Optional) Whether to run keystone-manage bootstrap command.
 #   Defaults to true
 #
+# [*manage_resources*]
+#   (Optional) Whether to manage resources created by bootstrap.
+#   Defaults to true
+#
 class keystone::bootstrap (
   String[1] $password,
   String[1] $username                                   = 'admin',
@@ -72,6 +76,7 @@ class keystone::bootstrap (
   String[1] $region                                     = 'RegionOne',
   Enum['public', 'internal', 'admin'] $interface        = 'public',
   Boolean $bootstrap                                    = true,
+  Boolean $manage_resources                             = true,
 ) inherits keystone::params {
 
   include keystone::deps
@@ -121,7 +126,9 @@ class keystone::bootstrap (
       notify      => Anchor['keystone::service::begin'],
       tag         => 'keystone-bootstrap',
     }
+  }
 
+  if $manage_resources {
     # Since the bootstrap is not guaranteed to execute on each run we
     # use the below resources to make sure the current resources are
     # correct so if some value was updated we set that.

releasenotes/notes/bootstrap-manage_resources-dbf6cd7fcdd192a5.yaml

@@ -0,0 +1,10 @@
+---
+features:
+  - |
+    Added new ``manage_resources`` (default to true) in ``keystone::bootstrap``
+    class that can be set to false to not manage resources created by bootstrap.
+upgrade:
+  - |
+    If you're setting ``bootstrap`` parameter in ``keystone::bootstrap`` class
+    to false you now also need to set ``manage_resources`` to false to keep the
+    same behaviour.

spec/classes/keystone_bootstrap_spec.rb

@@ -227,13 +227,13 @@ describe 'keystone::bootstrap' do
 
       it { is_expected.to_not contain_exec('keystone bootstrap') }
 
-      it { is_expected.to_not contain_keystone_role('admin') }
+      it { is_expected.to contain_keystone_role('admin') }
-      it { is_expected.to_not contain_keystone_user('admin') }
+      it { is_expected.to contain_keystone_user('admin') }
-      it { is_expected.to_not contain_keystone_tenant('services') }
+      it { is_expected.to contain_keystone_tenant('services') }
-      it { is_expected.to_not contain_keystone_tenant('admin') }
+      it { is_expected.to contain_keystone_tenant('admin') }
-      it { is_expected.to_not contain_keystone_user_role('admin@admin') }
+      it { is_expected.to contain_keystone_user_role('admin@admin') }
-      it { is_expected.to_not contain_keystone_service('keystone::identity') }
+      it { is_expected.to contain_keystone_service('keystone::identity') }
-      it { is_expected.to_not contain_keystone_endpoint('RegionOne/keystone::identity') }
+      it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity') }
 
       it { is_expected.to contain_file('/etc/openstack').with(
         :ensure  => 'directory',
@@ -276,6 +276,28 @@ describe 'keystone::bootstrap' do
       it { is_expected.to contain_exec('keystone bootstrap').with_user('some') }
     end
 
+    context 'with bootstrap enabled and manage_resource to false' do
+      let :params do
+        {
+          :bootstrap        => false,
+          :manage_resources => false,
+          :password         => 'secret'
+        }
+      end
+
+      it { is_expected.to contain_class('keystone::deps') }
+
+      it { is_expected.to_not contain_exec('keystone bootstrap') }
+
+      it { is_expected.to_not contain_keystone_role('admin') }
+      it { is_expected.to_not contain_keystone_user('admin') }
+      it { is_expected.to_not contain_keystone_tenant('services') }
+      it { is_expected.to_not contain_keystone_tenant('admin') }
+      it { is_expected.to_not contain_keystone_user_role('admin@admin') }
+      it { is_expected.to_not contain_keystone_service('keystone::identity') }
+      it { is_expected.to_not contain_keystone_endpoint('RegionOne/keystone::identity') }
+    end
+
     context 'when setting interface to internal' do
       let :params do
         {