openstack/puppet-keystone
Code Issues Proposed changes

Use native interface to inject vhost configuration

Browse Source 
puppetlabs-apache provides a native interface to inject arbitrary
contents to vhost configuration files managed by the module.

Change-Id: Ia2489b5c79781a6335eea3ce2f6a19fd1c45b1c2
This commit is contained in:
Takashi Kajinami 2024-03-25 11:40:15 +09:00
parent aacacdc154
commit 8780840907
6 changed files with 61 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
manifests/federation/mellon.pp
View File

@ -76,10 +76,10 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
}
}
concat::fragment { 'configure_mellon_keystone':
target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf",
content => template('keystone/mellon.conf.erb'),
order => $template_order,
apache::vhost::fragment { 'configure_mellon_keystone':
vhost => 'keystone_wsgi',
priority => $keystone::wsgi::apache::priority,
content => template('keystone/mellon.conf.erb'),
order => $template_order,
}
}

9
manifests/federation/openidc.pp
View File

@ -242,9 +242,10 @@ class keystone::federation::openidc (
'openid/remote_id_attribute': value => $remote_id_attribute;
}
concat::fragment { 'configure_openidc_keystone':
target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf",
content => template('keystone/openidc.conf.erb'),
order => $template_order,
apache::vhost::fragment { 'configure_openidc_keystone':
vhost => 'keystone_wsgi',
priority => $keystone::wsgi::apache::priority,
content => template('keystone/openidc.conf.erb'),
order => $template_order,
}
}

18
manifests/federation/shibboleth.pp
View File

@ -80,10 +80,11 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
include apache::mod::shib
include apache::mod::authn_core
concat::fragment { 'configure_shibboleth_keystone':
target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf",
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
apache::vhost::fragment { 'configure_shibboleth_keystone':
vhost => 'keystone_wsgi',
priority => $keystone::wsgi::apache::priority,
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
}
}
'RedHat': {
@ -94,10 +95,11 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
path => '/usr/lib64/shibboleth/mod_shib_24.so'
}
concat::fragment { 'configure_shibboleth_keystone':
target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf",
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
apache::vhost::fragment { 'configure_shibboleth_keystone':
vhost => 'keystone_wsgi',
priority => $keystone::wsgi::apache::priority,
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
}
} else {
if !$suppress_warning {

15
spec/classes/keystone_federation_mellon_spec.rb
View File

@ -51,10 +51,11 @@ describe 'keystone::federation::mellon' do
is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_ensure('absent')
end
it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({
it { is_expected.to contain_apache__vhost__fragment('configure_mellon_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
:priority => 10,
:order => params[:template_order],
})}
end
@ -73,9 +74,11 @@ describe 'keystone::federation::mellon' do
is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_value('MELLON_IDP')
end
it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
it { is_expected.to contain_apache__vhost__fragment('configure_mellon_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
end
end

29
spec/classes/keystone_federation_openidc_spec.rb
View File

@ -66,13 +66,14 @@ describe 'keystone::federation::openidc' do
is_expected.to contain_keystone_config('openid/remote_id_attribute').with_value('<SERVICE DEFAULT>')
end
it { is_expected.to contain_concat__fragment('configure_openidc_keystone').with({
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
it { is_expected.to contain_apache__vhost__fragment('configure_openidc_keystone').with({
:vhost => 'keystone_wsgi',
:priority => 10,
:order => params[:template_order],
})}
it 'should contain expected config' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"')
expect(content).to match('OIDCClientID "openid_client_id"')
expect(content).to match('OIDCClientSecret "openid_client_secret"')
@ -88,7 +89,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain oauth and introspection config' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCOAuthClientID "openid_client_id"')
expect(content).to match('OIDCOAuthClientSecret "openid_client_secret"')
expect(content).to match('OIDCOAuthIntrospectionEndpoint "http://example.com"')
@ -106,7 +107,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain oauth and jwks config' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCOAuthVerifyJwksUri "http://example.com"')
expect(content).to match('/v3/OS-FEDERATION/identity_providers/myidp/protocols/openid/auth')
end
@ -137,7 +138,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain memcache servers' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCCacheType memcache')
expect(content).to match('OIDCCacheShmMax 10')
expect(content).to match('OIDCCacheShmEntrySize 11')
@ -159,7 +160,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain memcache servers' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCCacheType redis')
expect(content).to match('OIDCRedisCachePassword "redispass"')
expect(content).to match('OIDCRedisCacheUsername "redisuser"')
@ -177,7 +178,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain memcache servers' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCMemCacheServers "127.0.0.1:11211 127.0.0.2:11211"')
end
end
@ -190,7 +191,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain redis server' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCRedisCacheServer "127.0.0.1"')
end
end
@ -203,7 +204,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain OIDC claim delimiter' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCClaimDelimiter ";"')
end
end
@ -216,7 +217,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain OIDC pass userinfo as' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCPassUserInfoAs "claims"')
end
end
@ -229,7 +230,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain OIDC pass claim as' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCPassClaimsAs "both"')
end
end
@ -242,7 +243,7 @@ describe 'keystone::federation::openidc' do
end
it 'should contain OIDC response mode' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCResponseMode "form_post"')
end
end

29
spec/classes/keystone_federation_shibboleth_spec.rb
View File

@ -82,9 +82,11 @@ describe 'keystone::federation::shibboleth' do
it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to contain_concat__fragment('configure_shibboleth_keystone').with({
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
end
end
@ -105,9 +107,11 @@ describe 'keystone::federation::shibboleth' do
it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to contain_concat__fragment('configure_shibboleth_keystone').with({
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
end
end
@ -117,7 +121,7 @@ describe 'keystone::federation::shibboleth' do
let (:params) { default_params }
it { is_expected.to_not contain_apache__mod('shib2') }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to_not contain_concat__fragment('configure_shibboleth_keystone') }
it { is_expected.to_not contain_apache__vhost__fragment('configure_shibboleth_keystone') }
end
end
end
@ -127,11 +131,12 @@ describe 'keystone::federation::shibboleth' do
let (:params) { default_params }
it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_concat__fragment('configure_shibboleth_keystone').with({
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
})}
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
end
end