Add define for managing authtoken fragments.

Creates a define that can be used to manage the configuration of the authtoken middleware for all client. This was created so that authtoken can be centrally configured using the same code for all services.
2012-04-21 18:20:02 -07:00 · 2012-04-21 18:20:02 -07:00 · 7fc44548f2
parent 166fc556b0
commit 7fc44548f2
3 changed files with 174 additions and 0 deletions
--- a/manifests/client/authtoken.pp
+++ b/manifests/client/authtoken.pp
@ -0,0 +1,56 @@
+#
+# This define can be used to manage authtokens so that
+# services can authenticate with keystone.
+#
+# == Parameters
+#  [name] Name of the target file for the authtoken fragment.
+#  [order] Used to determine the order of the fragments. Optional.
+#    Defaults to 80, which places it near to the end of the file.
+#  [admin_token] Keystone admin token that can serve as a shared secret
+#    for authenticating. If this is choosen if is used instead of a user,tenant,password.
+#    Optional. Defaults to false.
+#  [admin_user] User used to authenticate service.
+#    Optional. Defaults to admin
+#  [admin_tenant_name] Tenant used to authenticate service.
+#    Optional. Defaults to openstack.
+#  [admin_password] Password used with user to authenticate service.
+#    Optional. Defaults to ChangeMe.
+#  [admin_tenant_name]
+#    Optional. Defaults to openstack.
+#  [auth_host] Host providing the keystone service API endpoint. Optional.
+#    Defaults to 127.0.0.1
+#  [auth_port] Port where keystone service is listening. Optional.
+#    Defaults to 3557.
+#  [auth_protocol] Protocol to use to communicate with keystone. Optional.
+#    Defaults to https.
+#
+# == Authors
+#
+#   Dan Bode dan@puppetlabs.com
+#
+# == Copyright
+#
+# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
+#
+define keystone::client::authtoken(
+  $order               = '80',
+  $admin_token         = false,
+  $admin_user          = 'admin',
+  $admin_tenant_name   = 'openstack',
+  $admin_password      = 'ChangeMe',
+  $delay_auth_decision = '0',
+  $auth_host           = '127.0.0.1',
+  $auth_port           = '3557',
+  $auth_protocol       = 'https'
+) {
+
+  $auth_uri = "${auth_protocol}://${auth_host}:${auth_port}"
+  $fragment_title    = regsubst($name, '/', '_', 'G')
+
+  concat::fragment { "${fragment_title}_authtoken":
+    target  => $name,
+    content => template('keystone/client/authtoken.conf.erb'),
+    order   => $order,
+  }
+
+}
--- a/spec/defines/keystone_client_authtoken_spec.pp
+++ b/spec/defines/keystone_client_authtoken_spec.pp
@ -0,0 +1,99 @@
+require 'spec_helper'
+
+describe 'keystone::client::authtoken' do
+
+  let :title do
+    '/tmp/foo'
+  end
+
+  let :pre_condition do
+'
+class { "concat::setup": }
+concat { "/tmp/foo": }
+'
+  end
+
+  let :fragment_path do
+   '/var/lib/puppet/concat/_tmp_foo/fragments/80__tmp_foo_authtoken'
+  end
+
+  describe 'with default options' do
+    it 'should use defaults to compile fragment template' do
+# TODO why is this path wrong???
+      verify_contents(subject, fragment_path,
+        [
+          '[filter:authtoken]',
+          'paste.filter_factory = keystone.middleware.auth_token:filter_factory',
+          'auth_host = 127.0.0.1',
+          'auth_port = 3557',
+          'auth_protocol = https',
+          'auth_uri = https://127.0.0.1:3557',
+          'admin_tenant_name = openstack',
+          'admin_user = admin',
+          'admin_password = ChangeMe',
+          'delay_auth_decision = 0'
+        ]
+      )
+    end
+  end
+  describe 'when overriding default parameters' do
+    describe 'when overriding order' do
+      let :params do
+        { 'order' => '99'}
+      end
+      it { should contain_file('/var/lib/puppet/concat/_tmp_foo/fragments/99__tmp_foo_authtoken') }
+    end
+    describe 'when overriding host info' do
+      let :params do
+        {
+          'auth_host'           => '10.0.0.1',
+          'auth_port'           => '1234',
+          'auth_protocol'       => 'http',
+          'delay_auth_decision' => '1'
+        }
+      end
+      it 'should override auth values' do
+        verify_contents(subject, fragment_path,
+          [
+            'auth_host = 10.0.0.1',
+            'auth_port = 1234',
+            'auth_protocol = http',
+            'auth_uri = http://10.0.0.1:1234',
+            'delay_auth_decision = 1'
+          ]
+        )
+      end
+    end
+    describe 'when overriding admin info' do
+      let :params do
+        {
+          'admin_tenant_name'=> 'foo',
+          'admin_user'       => 'bar',
+          'admin_password'   => 'baz'
+        }
+      end
+      it 'should override admin values' do
+        verify_contents(subject, fragment_path,
+          [
+            'admin_tenant_name = foo',
+            'admin_user = bar',
+            'admin_password = baz'
+          ]
+        )
+      end
+    end
+    describe 'when setting admin token' do
+      let :params do
+        {:admin_token => 'foo'}
+      end
+      it { should contain_file(fragment_path).with_content(/admin_token = foo/) }
+      it 'should not contain admin options in the config' do
+        content = param_value(subject, 'file', fragment_path, 'content')
+        content.should_not =~ /admin_tenant_name/
+        content.should_not =~ /admin_user/
+        content.should_not =~ /admin_password/
+      end
+    end
+  end
+
+end
--- a/templates/client/authtoken.conf.erb
+++ b/templates/client/authtoken.conf.erb
@ -0,0 +1,19 @@
+
+#
+# used to specify connection information to keystone
+#
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+auth_host = <%= auth_host %>
+auth_port = <%= auth_port %>
+auth_protocol = <%= auth_protocol %>
+auth_uri = <%= auth_uri %>
+# if its defined
+<% if admin_token -%>
+admin_token = <%= admin_token %>
+<% else -%>
+admin_tenant_name = <%= admin_tenant_name %>
+admin_user = <%= admin_user %>
+admin_password = <%= admin_password %>
+<% end -%>
+delay_auth_decision = <%= delay_auth_decision %>