diff --git a/manifests/federation/mellon.pp b/manifests/federation/mellon.pp index 036c528a7..8e4366e69 100644 --- a/manifests/federation/mellon.pp +++ b/manifests/federation/mellon.pp @@ -76,10 +76,10 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even } } - concat::fragment { 'configure_mellon_keystone': - target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf", - content => template('keystone/mellon.conf.erb'), - order => $template_order, + apache::vhost::fragment { 'configure_mellon_keystone': + vhost => 'keystone_wsgi', + priority => $keystone::wsgi::apache::priority, + content => template('keystone/mellon.conf.erb'), + order => $template_order, } - } diff --git a/manifests/federation/openidc.pp b/manifests/federation/openidc.pp index b15e1553b..e38be89c3 100644 --- a/manifests/federation/openidc.pp +++ b/manifests/federation/openidc.pp @@ -242,9 +242,10 @@ class keystone::federation::openidc ( 'openid/remote_id_attribute': value => $remote_id_attribute; } - concat::fragment { 'configure_openidc_keystone': - target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf", - content => template('keystone/openidc.conf.erb'), - order => $template_order, + apache::vhost::fragment { 'configure_openidc_keystone': + vhost => 'keystone_wsgi', + priority => $keystone::wsgi::apache::priority, + content => template('keystone/openidc.conf.erb'), + order => $template_order, } } diff --git a/manifests/federation/shibboleth.pp b/manifests/federation/shibboleth.pp index 6a0b3cdce..c1e50e713 100644 --- a/manifests/federation/shibboleth.pp +++ b/manifests/federation/shibboleth.pp @@ -80,10 +80,11 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e include apache::mod::shib include apache::mod::authn_core - concat::fragment { 'configure_shibboleth_keystone': - target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf", - content => template('keystone/shibboleth.conf.erb'), - order => $template_order, + apache::vhost::fragment { 'configure_shibboleth_keystone': + vhost => 'keystone_wsgi', + priority => $keystone::wsgi::apache::priority, + content => template('keystone/shibboleth.conf.erb'), + order => $template_order, } } 'RedHat': { @@ -94,10 +95,11 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e path => '/usr/lib64/shibboleth/mod_shib_24.so' } - concat::fragment { 'configure_shibboleth_keystone': - target => "${keystone::wsgi::apache::priority}-keystone_wsgi.conf", - content => template('keystone/shibboleth.conf.erb'), - order => $template_order, + apache::vhost::fragment { 'configure_shibboleth_keystone': + vhost => 'keystone_wsgi', + priority => $keystone::wsgi::apache::priority, + content => template('keystone/shibboleth.conf.erb'), + order => $template_order, } } else { if !$suppress_warning { diff --git a/spec/classes/keystone_federation_mellon_spec.rb b/spec/classes/keystone_federation_mellon_spec.rb index fbfd0f69a..c61b246ce 100644 --- a/spec/classes/keystone_federation_mellon_spec.rb +++ b/spec/classes/keystone_federation_mellon_spec.rb @@ -51,10 +51,11 @@ describe 'keystone::federation::mellon' do is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_ensure('absent') end - it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({ + it { is_expected.to contain_apache__vhost__fragment('configure_mellon_keystone').with({ + :vhost => 'keystone_wsgi', # This need to change if priority is changed in keystone::wsgi::apache - :target => "10-keystone_wsgi.conf", - :order => params[:template_order], + :priority => 10, + :order => params[:template_order], })} end @@ -73,9 +74,11 @@ describe 'keystone::federation::mellon' do is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_value('MELLON_IDP') end - it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({ - :target => "10-keystone_wsgi.conf", - :order => params[:template_order], + it { is_expected.to contain_apache__vhost__fragment('configure_mellon_keystone').with({ + :vhost => 'keystone_wsgi', + # This need to change if priority is changed in keystone::wsgi::apache + :priority => 10, + :order => params[:template_order], })} end end diff --git a/spec/classes/keystone_federation_openidc_spec.rb b/spec/classes/keystone_federation_openidc_spec.rb index 2e28af6ac..9f8aad894 100644 --- a/spec/classes/keystone_federation_openidc_spec.rb +++ b/spec/classes/keystone_federation_openidc_spec.rb @@ -66,13 +66,14 @@ describe 'keystone::federation::openidc' do is_expected.to contain_keystone_config('openid/remote_id_attribute').with_value('') end - it { is_expected.to contain_concat__fragment('configure_openidc_keystone').with({ - :target => "10-keystone_wsgi.conf", - :order => params[:template_order], + it { is_expected.to contain_apache__vhost__fragment('configure_openidc_keystone').with({ + :vhost => 'keystone_wsgi', + :priority => 10, + :order => params[:template_order], })} it 'should contain expected config' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"') expect(content).to match('OIDCClientID "openid_client_id"') expect(content).to match('OIDCClientSecret "openid_client_secret"') @@ -88,7 +89,7 @@ describe 'keystone::federation::openidc' do end it 'should contain oauth and introspection config' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCOAuthClientID "openid_client_id"') expect(content).to match('OIDCOAuthClientSecret "openid_client_secret"') expect(content).to match('OIDCOAuthIntrospectionEndpoint "http://example.com"') @@ -106,7 +107,7 @@ describe 'keystone::federation::openidc' do end it 'should contain oauth and jwks config' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCOAuthVerifyJwksUri "http://example.com"') expect(content).to match('/v3/OS-FEDERATION/identity_providers/myidp/protocols/openid/auth') end @@ -137,7 +138,7 @@ describe 'keystone::federation::openidc' do end it 'should contain memcache servers' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCCacheType memcache') expect(content).to match('OIDCCacheShmMax 10') expect(content).to match('OIDCCacheShmEntrySize 11') @@ -159,7 +160,7 @@ describe 'keystone::federation::openidc' do end it 'should contain memcache servers' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCCacheType redis') expect(content).to match('OIDCRedisCachePassword "redispass"') expect(content).to match('OIDCRedisCacheUsername "redisuser"') @@ -177,7 +178,7 @@ describe 'keystone::federation::openidc' do end it 'should contain memcache servers' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCMemCacheServers "127.0.0.1:11211 127.0.0.2:11211"') end end @@ -190,7 +191,7 @@ describe 'keystone::federation::openidc' do end it 'should contain redis server' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCRedisCacheServer "127.0.0.1"') end end @@ -203,7 +204,7 @@ describe 'keystone::federation::openidc' do end it 'should contain OIDC claim delimiter' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCClaimDelimiter ";"') end end @@ -216,7 +217,7 @@ describe 'keystone::federation::openidc' do end it 'should contain OIDC pass userinfo as' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCPassUserInfoAs "claims"') end end @@ -229,7 +230,7 @@ describe 'keystone::federation::openidc' do end it 'should contain OIDC pass claim as' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCPassClaimsAs "both"') end end @@ -242,7 +243,7 @@ describe 'keystone::federation::openidc' do end it 'should contain OIDC response mode' do - content = get_param('concat::fragment', 'configure_openidc_keystone', 'content') + content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') expect(content).to match('OIDCResponseMode "form_post"') end end diff --git a/spec/classes/keystone_federation_shibboleth_spec.rb b/spec/classes/keystone_federation_shibboleth_spec.rb index 592d82557..356423153 100644 --- a/spec/classes/keystone_federation_shibboleth_spec.rb +++ b/spec/classes/keystone_federation_shibboleth_spec.rb @@ -82,9 +82,11 @@ describe 'keystone::federation::shibboleth' do it { is_expected.to contain_apache__mod('shib2') } it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') } - it { is_expected.to contain_concat__fragment('configure_shibboleth_keystone').with({ - :target => "10-keystone_wsgi.conf", - :order => params[:template_order], + it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({ + :vhost => 'keystone_wsgi', + # This need to change if priority is changed in keystone::wsgi::apache + :priority => 10, + :order => params[:template_order], })} end end @@ -105,9 +107,11 @@ describe 'keystone::federation::shibboleth' do it { is_expected.to contain_apache__mod('shib2') } it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') } - it { is_expected.to contain_concat__fragment('configure_shibboleth_keystone').with({ - :target => "10-keystone_wsgi.conf", - :order => params[:template_order], + it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({ + :vhost => 'keystone_wsgi', + # This need to change if priority is changed in keystone::wsgi::apache + :priority => 10, + :order => params[:template_order], })} end end @@ -117,7 +121,7 @@ describe 'keystone::federation::shibboleth' do let (:params) { default_params } it { is_expected.to_not contain_apache__mod('shib2') } it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') } - it { is_expected.to_not contain_concat__fragment('configure_shibboleth_keystone') } + it { is_expected.to_not contain_apache__vhost__fragment('configure_shibboleth_keystone') } end end end @@ -127,11 +131,12 @@ describe 'keystone::federation::shibboleth' do let (:params) { default_params } it { is_expected.to contain_apache__mod('shib2') } - it { is_expected.to contain_concat__fragment('configure_shibboleth_keystone').with({ - :target => "10-keystone_wsgi.conf", - :order => params[:template_order], - })} - + it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({ + :vhost => 'keystone_wsgi', + # This need to change if priority is changed in keystone::wsgi::apache + :priority => 10, + :order => params[:template_order], + })} end end