openstack/puppet-keystone
Code Issues Proposed changes

Fix default domain.

Browse Source 
After the move to composite namevar a problem could occur if another
module was using indirection to find resource by name.

If the manifest didn't have any
keystone_user/keystone_tenant/keystone_user_role definition, then, the
'Default' domain would be appended to the name.

This patch, fix that by simplifying the rule for calculating the default
domain.

It now strictly follows what is described there https://review.openstack.org/#/c/219127/

Change-Id: Ic2efb51fe76d055307c8c27fa79015764417160b
Closes-Bug: #1517187
This commit is contained in:
Sofer Athlan-Guyot 2015-11-18 18:38:50 +01:00
parent 5167a2c804
commit 961c64e143
22 changed files with 431 additions and 442 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
README.md
View File

@ -131,6 +131,95 @@ class { 'postgresql::server': }
class { 'keystone::db::postgresql': password => 'super_secret_db_password', }
```
**About Keystone V3 syntax in keystone_user/keystone_tenant/keystone_user_role**
A complete description of the syntax available for those resources are
in `examples/user_project_user_role_composite_namevar.pp`
**About Keystone V3 and default domain**
***For users***
With Keystone V3, domains made their appearance. For backward
compatibility a default domain is defined in the `keystone.conf` file.
All the V2 resources are then assigned to this default domain. The
default domain id is by default `default` associated with the name
`Default`.
What it means is that this user:
```puppet
keystone_user { 'my_non_full_qualified_user':
ensure => present
}
```
will be assigned to the `Default` domain.
The same is true for `keystone_tenant` and `keystone_user_role`:
```puppet
keystone_tenant { 'project_one':
ensure => present
}
keystone_user_role { 'user_one@project_one':
ensure => present,
roles => ['admin']
}
```
will be assigned to the `Default` domain.
Now, you can change the default domain if you want. But then the
puppet resource you defined will *have* to be fully qualified.
So, for instance, if you change the default domain to be
`my_new_default`, then you'll have to do:
```puppet
keystone_user { 'full_qualified_user::my_new_default':
ensure => present
}
keystone_tenant { 'project_one::my_new_default':
ensure => present
}
keystone_user_role { 'user_one::my_new_default@project_one::my_new_default':
ensure => present,
roles => ['admin']
}
```
as the module will *always* assign a resource without domain to
the `Default` domain.
A depreciation warning will be visible in the log when you have
changed the default domain id and used an non fully qualified name for
you resource.
In Mitaka, a depreciation warning will be displayed all the time if
you used non fully qualified resource.
After Mitaka all the resources will have to be fully qualified.
***For developers***
Other module can try to find user/tenant resource using Puppet's
indirection. The rule for the name of the resources are this:
1. fully qualified if domain is not 'Default';
2. short form if domain is 'Default'
This is for backward compatibility.
Note that, as stated above, the 'Default' domain is hardcoded. It is
not related to the real default domain which can be set to something
else. But then again, you will have to set the fully qualified name.
You can check `spec/acceptance/default_domain_spec.rb` to have a
example of the behavior described here.
Implementation
--------------

54
lib/puppet/provider/keystone.rb
View File

@ -9,8 +9,9 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
extend Puppet::Provider::Openstack::Auth
INI_FILENAME = '/etc/keystone/keystone.conf'
DEFAULT_DOMAIN = 'Default'
@@default_domain = nil
@@default_domain_id = nil
def self.admin_endpoint
@admin_endpoint ||= get_admin_endpoint
@ -32,7 +33,46 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
end
end
def self.resource_to_name(domain, name, check_for_default=true)
def self.default_domain_from_ini_file
default_domain_from_conf = Puppet::Resource.indirection
.find('Keystone_config/identity/default_domain_id')
if default_domain_from_conf[:ensure] == :present
# get from ini file
default_domain_from_conf[:value]
else
nil
end
rescue
nil
end
def self.default_domain_id
if @@default_domain_id
# cached
@@default_domain_id
else
@@default_domain_id = default_domain_from_ini_file
end
@@default_domain_id = @@default_domain_id.nil? ? 'default' : @@default_domain_id
end
def self.default_domain_changed
default_domain_id != 'default'
end
def self.default_domain_deprecation_message
'Support for a resource without the domain ' \
'set is deprecated in Liberty cycle. ' \
'It will be dropped in the M-cycle. ' \
"Currently using '#{default_domain}' as default domain name " \
"while the default domain id is '#{default_domain_id}'."
end
def self.default_domain
DEFAULT_DOMAIN
end
def self.resource_to_name(domain, name, check_for_default = true)
raise Puppet::Error, "Domain cannot be nil for project '#{name}'. " \
'Please report a bug.' if domain.nil?
join_str = '::'
@ -58,16 +98,6 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
resource_to_name(*name_to_resource(name), false)
end
def self.default_domain
# Default domain class variable is filled in by
# user/tenant/user_role type or domain resource.
@@default_domain
end
def self.default_domain=(value)
@@default_domain = value
end
def self.domain_name_from_id(id)
unless @domain_hash
list = request('domain', 'list')

22
lib/puppet/provider/keystone_domain/openstack.rb
View File

@ -9,7 +9,6 @@ Puppet::Type.type(:keystone_domain).provide(
desc 'Provider that manages keystone domains'
@credentials = Puppet::Provider::Openstack::CredentialsV3.new
@current_default_domain_id = nil
def initialize(value={})
super(value)
@ -42,7 +41,7 @@ Puppet::Type.type(:keystone_domain).provide(
# enabled domain
self.class.request('domain', 'set', [resource[:name], '--disable'])
self.class.request('domain', 'delete', resource[:name])
@property_hash[:ensure] == :absent
@property_hash[:ensure] = :absent
ensure_default_domain(false, true)
@property_hash.clear
end
@ -70,7 +69,7 @@ Puppet::Type.type(:keystone_domain).provide(
end
def ensure_default_domain(create, destroy=false, value=nil)
curid = self.class.current_default_domain_id
curid = self.class.default_domain_id
default = (is_default == :true)
entry = keystone_conf_default_domain_id_entry(id)
if (default && create) || (!default && (value == :true))
@ -84,6 +83,7 @@ Puppet::Type.type(:keystone_domain).provide(
entry.destroy
end
end
self.class.default_domain_id = id
end
def self.instances
@ -94,7 +94,7 @@ Puppet::Type.type(:keystone_domain).provide(
:enabled => domain[:enabled].downcase.chomp == 'true' ? true : false,
:description => domain[:description],
:id => domain[:id],
:is_default => domain[:id] == current_default_domain_id
:is_default => domain[:id] == default_domain_id
)
end
end
@ -102,7 +102,7 @@ Puppet::Type.type(:keystone_domain).provide(
def self.prefetch(resources)
domains = instances
resources.keys.each do |name|
if provider = domains.find{ |domain| domain.name == name }
if provider = domains.find { |domain| domain.name == name }
resources[name].provider = provider
end
end
@ -126,14 +126,6 @@ Puppet::Type.type(:keystone_domain).provide(
private
def self.current_default_domain_id
return @current_default_domain_id unless @current_default_domain_id.nil?
current = Puppet::Resource.indirection
.find('Keystone_config/identity/default_domain_id')[:value]
current = nil if current == :absent
@current_default_domain_id = current
end
def keystone_conf_default_domain_id_entry(newid)
conf = Puppet::Type::Keystone_config
.new(:title => 'identity/default_domain_id', :value => newid)
@ -141,4 +133,8 @@ Puppet::Type.type(:keystone_domain).provide(
.new(conf)
entry
end
def self.default_domain_id=(value)
class_variable_set(:@@default_domain_id, value)
end
end

3
lib/puppet/provider/keystone_tenant/openstack.rb
View File

@ -66,6 +66,9 @@ Puppet::Type.type(:keystone_tenant).provide(
end
def self.instances
if default_domain_changed
warning(default_domain_deprecation_message)
end
projects = request('project', 'list', '--long')
projects.collect do |project|
domain_name = domain_name_from_id(project[:domain_id])

3
lib/puppet/provider/keystone_user/openstack.rb
View File

@ -141,6 +141,9 @@ Puppet::Type.type(:keystone_user).provide(
end
def self.instances
if default_domain_changed
warning(default_domain_deprecation_message)
end
users = request('user', 'list', ['--long'])
users.collect do |user|
domain_name = domain_name_from_id(user[:domain])

3
lib/puppet/provider/keystone_user_role/openstack.rb
View File

@ -79,6 +79,9 @@ Puppet::Type.type(:keystone_user_role).provide(
end
def self.instances
if default_domain_changed
warning(default_domain_deprecation_message)
end
instances = build_user_role_hash
instances.collect do |title, roles|
new({

11
lib/puppet/type/keystone_tenant.rb
View File

@ -44,8 +44,15 @@ Puppet::Type.newtype(:keystone_tenant) do
end
autorequire(:keystone_domain) do
# use the domain parameter if given, or the one from name if any
self[:domain]
default_domain = catalog.resources.find do |r|
r.class.to_s == 'Puppet::Type::Keystone_domain' &&
r[:is_default] == :true &&
r[:ensure] == :present
end
rv = [self[:domain]]
# Only used to display the deprecation warning.
rv << default_domain.name unless default_domain.nil?
rv
end
# This ensures the service is started and therefore the keystone

13
lib/puppet/type/keystone_user.rb
View File

@ -67,13 +67,20 @@ Puppet::Type.newtype(:keystone_user) do
end
autorequire(:keystone_domain) do
# use the domain parameter if given, or the one from name if any
self[:domain]
default_domain = catalog.resources.find do |r|
r.class.to_s == 'Puppet::Type::Keystone_domain' &&
r[:is_default] == :true &&
r[:ensure] == :present
end
rv = [self[:domain]]
# Only used to display the deprecation warning.
rv << default_domain.name unless default_domain.nil?
rv
end
# we should not do anything until the keystone service is started
autorequire(:anchor) do
['keystone_started','default_domain_created']
['keystone_started', 'default_domain_created']
end
def self.title_patterns

7
lib/puppet/type/keystone_user_role.rb
View File

@ -89,9 +89,16 @@ Puppet::Type.newtype(:keystone_user_role) do
end
autorequire(:keystone_domain) do
default_domain = catalog.resources.find do |r|
r.class.to_s == 'Puppet::Type::Keystone_domain' &&
r[:is_default] == :true &&
r[:ensure] == :present
end
rv = [self[:user_domain]]
rv << self[:project_domain] if parameter_set?(:project_domain)
rv << self[:domain] if parameter_set?(:domain)
# Only used to display the deprecation warning.
rv << default_domain.name unless default_domain.nil?
rv
end

69
lib/puppet_x/keystone/type/default_domain.rb
View File

@ -5,77 +5,10 @@ module PuppetX
def self.included(klass)
klass.class_eval do
defaultto do
default = PuppetX::Keystone::Type::DefaultDomain
.calculate_using(resource)
deprecation_msg = 'Support for a resource without the domain ' \
'set is deprecated in Liberty cycle. ' \
'It will be dropped in the M-cycle. ' \
"Currently using '#{default}' as default domain."
warning(deprecation_msg)
default
end
# This make sure that @@default_domain is filled no matter
# what.
validate do |_|
PuppetX::Keystone::Type::DefaultDomain
.calculate_using(resource)
true
Puppet::Provider::Keystone.default_domain
end
end
end
def self.calculate_using(resource)
current_default = from_keystone_env
return current_default unless current_default.nil?
catalog = resource.catalog
if catalog.nil?
# Running "puppet resource" (resource.catalog is nil)).
# We try to get the default from the keystone.conf file
# and then, the name from the api.
current_default = from_keystone_conf_and_api(resource)
else
current_default = from_catalog(catalog)
end
resource.provider.class.default_domain = current_default
current_default
end
private
def self.from_keystone_env
Puppet::Provider::Keystone.default_domain
rescue Puppet::DevError => e
raise e unless e.message.match(/The default domain should already be filled in/)
end
def self.from_catalog(catalog)
default_res_in_cat = catalog.resources.find do |r|
r.class.to_s == 'Puppet::Type::Keystone_domain' &&
r[:is_default] == :true &&
r[:ensure] == :present
end
default_res_in_cat[:name] rescue 'Default'
end
def self.from_keystone_conf_and_api(resource)
current_default = nil
default_domain_from_conf = Puppet::Resource.indirection
.find('Keystone_config/identity/default_domain_id')
if default_domain_from_conf[:ensure] == :absent
current_default = 'Default'
else
current_default = resource.provider.class
.domain_name_from_id(default_domain_from_conf[:value])
end
current_default
rescue
raise(Puppet::DevError,
'The default domain cannot be guessed from your ' \
'current installation. Please check that keystone ' \
'is working properly')
end
end
end
end

4
manifests/init.pp
View File

@ -417,7 +417,9 @@
# to have a domain assigned for certain operations. For example,
# doing a user create operation must have a domain associated with it.
# This is the domain which will be used if a domain is needed and not
# explicitly set in the request.
# explicitly set in the request. Using this means that you will have
# to add it to every user/tenant/user_role you create, as without a domain
# qualification those resources goes into "Default" domain. See README.
# Defaults to undef (will use built-in Keystone default)
#
# [*memcache_dead_retry*]

15
spec/acceptance/default_domain_spec.rb
View File

@ -83,16 +83,15 @@ describe 'basic keystone server with changed domain id' do
it 'should work with no errors and catch deprecation warning' do
apply_manifest(pp, :catch_failures => true) do |result|
expect(result.stderr)
.to include_regexp([/Keystone_tenant\[project_in_my_default_domain\]\/domain: Support for a resource without.*. Currently using 'my_default_domain' as default domain/,
/Keystone_user\[user_in_my_default_domain\]\/domain/,
/Keystone_user_role\[user_in_my_default_domain@project_in_my_default_domain\]\/user_domain/,
/Keystone_user_role\[user_in_my_default_domain@project_in_my_default_domain\]\/project_domain/])
.to include_regexp([/Puppet::Type::Keystone_user::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/,
/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without/])
end
end
it 'should be idempotent' do
apply_manifest(pp, :catch_changes => true) do |result|
expect(result.stderr)
.to include_regexp(/Warning: \/Keystone_tenant.*Currently using 'my_default_domain'/)
.to include_regexp([/Puppet::Type::Keystone_user::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/,
/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without/])
end
end
end
@ -100,21 +99,21 @@ describe 'basic keystone server with changed domain id' do
it 'for tenant' do
shell('puppet resource keystone_tenant') do |result|
expect(result.stdout)
.to include_regexp([/keystone_tenant { 'project_in_my_default_domain::my_default_domain':/,
.to include_regexp([/keystone_tenant { 'project_in_my_default_domain':/,
/keystone_tenant { 'project_in_my_default_domain::other_domain':/])
end
end
it 'for user' do
shell('puppet resource keystone_user') do |result|
expect(result.stdout)
.to include_regexp([/keystone_user { 'user_in_my_default_domain::my_default_domain':/,
.to include_regexp([/keystone_user { 'user_in_my_default_domain':/,
/keystone_user { 'user_in_my_default_domain::other_domain':/])
end
end
it 'for role' do
shell('puppet resource keystone_user_role') do |result|
expect(result.stdout)
.to include_regexp([/keystone_user_role { 'user_in_my_default_domain::my_default_domain@project_in_my_default_domain::my_default_domain':/,
.to include_regexp([/keystone_user_role { 'user_in_my_default_domain@project_in_my_default_domain':/,
/keystone_user_role { 'user_in_my_default_domain::other_domain@::other_domain':/])
end
end

49
spec/shared_examples.rb
View File

@ -10,8 +10,6 @@ shared_examples_for 'parse title correctly' do |result|
end
let(:resource) { described_class.new(:title => title) }
it 'should parse this title correctly' do
times = result.delete(:calling_default) || 0
Puppet::Provider::Keystone.expects(:default_domain).times(times).returns('Default')
expect(resource.to_hash).to include(result)
end
end
@ -102,48 +100,19 @@ end
# attribute [Array[Hash]]
# - the first hash are the expected result
# - second are parameters to test default domain, required but can be empty
# - the rest are the combination of attributes you want to test
# - second are the combination of attributes you want to test
# The provider must be build from ressource_attrs
# see examples in keystone_{user/user_role/tenant/service}
shared_examples_for 'create the correct resource' do |attributes|
expected_results = attributes.shift['expected_results']
default_domain = attributes.shift
context 'domain filled' do
attributes.each do |attribute|
context 'test' do
let(:resource_attrs) { attribute.values[0] }
it "should correctly create the resource when #{attribute.keys[0]}" do
times = resource_attrs.delete(:default_domain)
unless times.nil?
Puppet::Provider::Keystone.expects(:default_domain)
.times(times)
.returns(default_domain[:name])
end
provider.create
expect(provider.exists?).to be_truthy
expected_results.each do |key, value|
expect(provider.send(key)).to eq(value)
end
end
end
end
end
context 'domain not passed, using default' do
with_default_domain = default_domain[:attributes]
if with_default_domain
with_default_domain.each do |attribute|
let(:resource_attrs) { attribute[1] }
it 'should fall into the default domain' do
Puppet::Provider::Keystone.expects(:default_domain)
.times(default_domain[:times])
.returns(default_domain[:name])
provider.create
expect(provider.exists?).to be_truthy
expected_results.each do |key, value|
expect(provider.send(key)).to eq(value)
end
attributes.each do |attribute|
context 'test' do
let(:resource_attrs) { attribute.values[0] }
it "should correctly create the resource when #{attribute.keys[0]}" do
provider.create
expect(provider.exists?).to be_truthy
expected_results.each do |key, value|
expect(provider.send(key)).to eq(value)
end
end
end

2
spec/spec_helper.rb
View File

@ -18,7 +18,7 @@ def setup_provider_tests
@tenant_hash = nil
@admin_token = nil
@keystone_file = nil
Puppet::Provider::Keystone.default_domain = nil
Puppet::Provider::Keystone.class_variable_set('@@default_domain_id', nil)
@domain_hash = nil
end
end

70
spec/unit/provider/keystone_domain/openstack_spec.rb
View File

@ -4,9 +4,7 @@ require 'puppet/provider/keystone_domain/openstack'
setup_provider_tests
provider_class = Puppet::Type.type(:keystone_domain).provider(:openstack)
describe provider_class do
describe Puppet::Type.type(:keystone_domain).provider(:openstack) do
let(:set_env) do
ENV['OS_USERNAME'] = 'test'
@ -19,8 +17,8 @@ describe provider_class do
let(:domain_attrs) do
{
:name => 'foo',
:description => 'foo',
:name => 'domain_one',
:description => 'Domain One',
:ensure => 'present',
:enabled => 'True'
}
@ -31,7 +29,7 @@ describe provider_class do
end
let(:provider) do
provider_class.new(resource)
described_class.new(resource)
end
let(:another_class) do
@ -46,39 +44,36 @@ describe provider_class do
end
after :each do
provider_class.reset
described_class.reset
another_class.reset
end
describe '#create' do
it 'creates a domain' do
provider_class.expects(:current_default_domain_id).returns('default')
entry = mock
provider.expects(:keystone_conf_default_domain_id_entry).returns(entry)
provider.class.expects(:openstack)
.with('domain', 'create', '--format', 'shell', ['foo', '--enable', '--description', 'foo'])
described_class.expects(:openstack)
.with('domain', 'create', '--format', 'shell', ['domain_one', '--enable', '--description', 'Domain One'])
.returns('id="1cb05cfed7c24279be884ba4f6520262"
name="foo"
description="foo"
name="domain_one"
description="Domain One"
enabled=True
')
provider.create
expect(provider.exists?).to be_truthy
end
end
describe '#destroy' do
it 'destroys a domain' do
provider_class.expects(:current_default_domain_id).returns('default')
entry = mock
provider.expects(:keystone_conf_default_domain_id_entry).returns(entry)
described_class.expects(:openstack)
.with('domain', 'set', ['domain_one', '--disable'])
described_class.expects(:openstack)
.with('domain', 'delete', 'domain_one')
provider_class.expects(:openstack)
.with('domain', 'set', ['foo', '--disable'])
provider_class.expects(:openstack)
.with('domain', 'delete', 'foo')
provider.destroy
expect(provider.exists?).to be_falsey
end
@ -87,13 +82,12 @@ enabled=True
describe '#instances' do
it 'finds every domain' do
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('domain', 'list', '--quiet', '--format', 'csv', [])
.returns('"ID","Name","Description","Enabled"
"1cb05cfed7c24279be884ba4f6520262","foo","foo",True
"1cb05cfed7c24279be884ba4f6520262","domain_one","Domain One",True
')
provider_class.expects(:current_default_domain_id).returns('default')
instances = provider_class.instances
instances = described_class.instances
expect(instances.count).to eq(1)
end
end
@ -111,15 +105,14 @@ enabled=True
context 'default_domain_id defined in keystone.conf' do
it 'creates a default domain' do
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('domain', 'create', '--format', 'shell',
['new_default', '--enable', '--description', 'New default domain.'])
.returns('id="1cb05cfed7c24279be884ba4f6520262"
name="foo"
description="foo"
name="domain_one"
description="Domain One"
enabled=True
')
provider_class.expects(:current_default_domain_id).returns('default')
entry = mock
provider.expects(:keystone_conf_default_domain_id_entry).returns(entry)
entry.expects(:create).returns(nil)
@ -131,18 +124,18 @@ enabled=True
describe '#destroy default' do
it 'destroys a default domain' do
provider_class.expects(:current_default_domain_id).returns('my-domainid')
entry = mock
provider.expects(:keystone_conf_default_domain_id_entry).returns(entry)
described_class.expects(:default_domain_id).returns('1cb05cfed7c24279be884ba4f6520262')
provider.expects(:is_default).returns(:true)
provider.expects(:id).twice.returns('my-domainid')
provider.class.expects(:openstack)
.with('domain', 'set', ['foo', '--disable'])
provider.class.expects(:openstack)
.with('domain', 'delete', 'foo')
entry.expects(:destroy)
provider.expects(:id).times(3).returns('1cb05cfed7c24279be884ba4f6520262')
described_class.expects(:openstack)
.with('domain', 'set', ['domain_one', '--disable'])
described_class.expects(:openstack)
.with('domain', 'delete', 'domain_one')
entry.expects(:destroy)
provider.destroy
expect(provider.exists?).to be_falsey
end
@ -151,7 +144,7 @@ enabled=True
describe '#flush' do
let(:domain_attrs) do
{
:name => 'foo',
:name => 'domain_one',
:description => 'new description',
:ensure => 'present',
:enabled => 'True',
@ -160,17 +153,16 @@ enabled=True
end
it 'changes the description' do
provider.class.expects(:openstack)
.with('domain', 'set', ['foo', '--description', 'new description'])
provider.description=('new description')
described_class.expects(:openstack)
.with('domain', 'set', ['domain_one', '--description', 'new description'])
provider.description = 'new description'
provider.flush
end
it 'changes is_default' do
provider_class.expects(:current_default_domain_id).returns('previous_default_domain-id')
entry = mock
provider.expects(:keystone_conf_default_domain_id_entry).returns(entry)
provider.expects(:id).twice.returns('current_default_domain')
provider.expects(:id).times(3).returns('current_default_domain')
entry.expects(:create)
provider.is_default=(:true)

1
spec/unit/provider/keystone_service/openstack_spec.rb
View File

@ -57,7 +57,6 @@ type="type_one"
:description => 'Service One'
}
},
{},
{
'type in title' => {
:title => 'service_one::type_one',

30
spec/unit/provider/keystone_tenant/openstack_spec.rb
View File

@ -13,7 +13,6 @@ describe provider_class do
end
let(:resource_attrs) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
{
:name => 'project_one',
:description => 'Project One',
@ -98,7 +97,6 @@ domain_id="domain_one_id"
describe '#instances', :domainlist => true do
it 'finds every tenant' do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
provider_class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv', '--long')
.returns('"ID","Name","Domain ID","Description","Enabled"
@ -118,7 +116,6 @@ domain_id="domain_one_id"
provider_class.expects(:domain_name_from_id).with('default').returns('Default')
provider_class.expects(:domain_name_from_id).with('domain_two_id').returns('domain_two')
# There are one for self.instance and one for each Puppet::Type.type calls.
Puppet::Provider::Keystone.expects(:default_domain).times(3).returns('Default')
provider.class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv', '--long')
.returns('"ID","Name","Domain ID","Description","Enabled"
@ -127,7 +124,6 @@ domain_id="domain_one_id"
')
end
let(:resources) do
Puppet::Provider::Keystone.expects(:default_domain).times(4).returns('Default')
[Puppet::Type.type(:keystone_tenant).new(:title => 'project_one', :ensure => :absent),
Puppet::Type.type(:keystone_tenant).new(:title => 'non_existant', :ensure => :absent)]
end
@ -206,26 +202,13 @@ domain_id="domain_one_id"
:name => 'project_one'
}
},
{
:name => 'domain_one',
:times => 2,
:attributes => {
'Default' => {
:title => 'project_one',
:description => 'Project One',
:ensure => 'present',
:enabled => 'True'
}
}
},
{
'domain in parameter' => {
:name => 'project_one',
:description => 'Project One',
:ensure => 'present',
:enabled => 'True',
:domain => 'domain_one',
:default_domain => 1
:domain => 'domain_one'
}
},
{
@ -233,8 +216,7 @@ domain_id="domain_one_id"
:title => 'project_one::domain_one',
:description => 'Project One',
:ensure => 'present',
:enabled => 'True',
:default_domain => 1
:enabled => 'True'
}
},
{
@ -243,10 +225,9 @@ domain_id="domain_one_id"
:description => 'Project One',
:ensure => 'present',
:enabled => 'True',
:domain => 'domain_one',
:default_domain => 1
:domain => 'domain_one'
}
},
}
]
end
end
@ -265,8 +246,6 @@ domain_id="domain_one_id"
')
end
let(:resources) do
# 1 by resource + 3 in prefetch and instance list.
Puppet::Provider::Keystone.expects(:default_domain).times(5).returns('Default')
[
Puppet::Type.type(:keystone_tenant)
.new(:title => 'name::domain_one', :ensure => :absent),
@ -279,7 +258,6 @@ domain_id="domain_one_id"
context 'different name, identical resource' do
let(:resources) do
Puppet::Provider::Keystone.expects(:default_domain).times(2).returns('Default')
[
Puppet::Type.type(:keystone_tenant)
.new(:title => 'name::domain_one', :ensure => :present),

232
spec/unit/provider/keystone_user/openstack_spec.rb
View File

@ -5,13 +5,7 @@ require 'puppet/provider/openstack'
setup_provider_tests
provider_class = Puppet::Type.type(:keystone_user).provider(:openstack)
def project_class
Puppet::Type.type(:keystone_tenant).provider(:openstack)
end
describe provider_class do
describe Puppet::Type.type(:keystone_user).provider(:openstack) do
let(:set_env) do
ENV['OS_USERNAME'] = 'test'
@ -21,12 +15,11 @@ describe provider_class do
end
after :each do
provider_class.reset
project_class.reset
described_class.reset
Puppet::Type.type(:keystone_tenant).provider(:openstack).reset
end
let(:resource_attrs) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
{
:name => 'user1',
:ensure => :present,
@ -42,7 +35,7 @@ describe provider_class do
end
let(:provider) do
provider_class.new(resource)
described_class.new(resource)
end
before(:each) { set_env }
@ -50,7 +43,7 @@ describe provider_class do
describe 'when managing a user' do
describe '#create' do
it 'creates a user' do
provider.class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'create', '--format', 'shell', ['user1', '--enable', '--password', 'secret', '--email', 'user1@example.com', '--domain', 'domain1'])
.returns('email="user1@example.com"
enabled="True"
@ -65,8 +58,8 @@ username="user1"
describe '#destroy' do
it 'destroys a user' do
provider.instance_variable_get('@property_hash')[:id] = 'my-user-id'
provider.class.expects(:openstack)
provider.expects(:id).returns('my-user-id')
described_class.expects(:openstack)
.with('user', 'delete', 'my-user-id')
provider.destroy
expect(provider.exists?).to be_falsey
@ -85,14 +78,14 @@ username="user1"
describe '#instances' do
it 'finds every user' do
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'list', '--quiet', '--format', 'csv', ['--long'])
.returns('"ID","Name","Project Id","Domain","Description","Email","Enabled"
"user1_id","user1","project1_id","domain1_id","user1 description","user1@example.com",True
"user2_id","user2","project2_id","domain2_id","user2 description","user2@example.com",True
"user3_id","user3","project3_id","domain3_id","user3 description","user3@example.com",True
')
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('domain', 'list', '--quiet', '--format', 'csv', [])
.returns('"ID","Name","Enabled","Description"
"default","Default",True,"default"
@ -102,8 +95,7 @@ username="user1"
')
# for self.instances to create the name string in
# resource_to_name
Puppet::Provider::Keystone.expects(:default_domain).times(3).returns('Default')
instances = provider.class.instances
instances = described_class.instances
expect(instances.count).to eq(3)
expect(instances[0].name).to eq('user1::domain1')
expect(instances[0].domain).to eq('domain1')
@ -120,13 +112,11 @@ username="user1"
Puppet::Type.type(:keystone_user).new(:title => 'non_exists', :ensure => :present)]
end
before(:each) do
provider_class.expects(:domain_name_from_id).with('default')
described_class.expects(:domain_name_from_id).with('default')
.returns('Default')
provider_class.expects(:domain_name_from_id).with('domain2_id')
described_class.expects(:domain_name_from_id).with('domain2_id')
.returns('bar')
Puppet::Provider::Keystone.expects(:default_domain).times(7)
.returns('Default')
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'list', '--quiet', '--format', 'csv', ['--long'])
.returns('"ID","Name","Project Id","Domain","Description","Email","Enabled"
"user1_id","exists","project1_id","default","user1 description","user1@example.com",True
@ -140,7 +130,7 @@ username="user1"
context '.enable' do
describe '-> false' do
it 'properly set enable to false' do
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'set', ['--disable', '37b7086693ec482389799da5dc546fa4'])
.returns('""')
provider.expects(:id).returns('37b7086693ec482389799da5dc546fa4')
@ -150,7 +140,7 @@ username="user1"
end
describe '-> true' do
it 'properly set enable to true' do
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'set', ['--enable', '37b7086693ec482389799da5dc546fa4'])
.returns('""')
provider.expects(:id).returns('37b7086693ec482389799da5dc546fa4')
@ -161,7 +151,7 @@ username="user1"
end
context '.email' do
it 'change the mail' do
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'set', ['--email', 'new email',
'37b7086693ec482389799da5dc546fa4'])
.returns('""')
@ -177,37 +167,37 @@ username="user1"
describe '#password' do
let(:resource_attrs) do
{
:name => 'foo',
:name => 'user_one',
:ensure => 'present',
:enabled => 'True',
:password => 'foo',
:email => 'foo@example.com',
:password => 'pass_one',
:email => 'user_one@example.com',
:domain => 'domain1'
}
end
let(:resource) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type::Keystone_user.new(resource_attrs)
end
let :provider do
provider_class.new(resource)
described_class.new(resource)
end
it 'checks the password' do
mock_creds = Puppet::Provider::Openstack::CredentialsV3.new
mock_creds.auth_url='http://127.0.0.1:5000'
mock_creds.password='foo'
mock_creds.username='foo'
mock_creds.user_id='project1_id'
mock_creds.project_id='project-id-1'
mock_creds.auth_url = 'http://127.0.0.1:5000'
mock_creds.password = 'pass_one'
mock_creds.username = 'user_one'
mock_creds.user_id = 'project1_id'
mock_creds.project_id = 'project-id-1'
Puppet::Provider::Openstack::CredentialsV3.expects(:new).returns(mock_creds)
provider_class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv', ['--user', 'user1_id', '--long'])
described_class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv',
['--user', 'user1_id', '--long'])
.returns('"ID","Name","Domain ID","Description","Enabled"
"project-id-1","foo","domain1_id","foo",True
"project-id-1","domain_one","domain1_id","Domain One",True
')
Puppet::Provider::Openstack.expects(:openstack)
.with('token', 'issue', ['--format', 'value'])
@ -218,14 +208,15 @@ ac43ec53d5a74a0b9f51523ae41a29f0
')
provider.expects(:id).times(2).returns('user1_id')
password = provider.password
expect(password).to eq('foo')
expect(password).to eq('pass_one')
end
it 'fails the password check' do
provider_class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv', ['--user', 'user1_id', '--long'])
described_class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv',
['--user', 'user1_id', '--long'])
.returns('"ID","Name","Domain ID","Description","Enabled"
"project-id-1","foo","domain1_id","foo",True
"project-id-1","domain_one","domain1_id","Domain One",True
')
Puppet::Provider::Openstack.expects(:openstack)
.with('token', 'issue', ['--format', 'value'])
@ -236,17 +227,18 @@ ac43ec53d5a74a0b9f51523ae41a29f0
end
it 'checks the password with domain scoped token' do
provider.instance_variable_get('@property_hash')[:id] = 'project1_id'
provider.instance_variable_get('@property_hash')[:domain] = 'domain1'
provider.expects(:id).twice.returns('project1_id')
provider.expects(:domain).returns('domain1')
mock_creds = Puppet::Provider::Openstack::CredentialsV3.new
mock_creds.auth_url='http://127.0.0.1:5000'
mock_creds.password='foo'
mock_creds.username='foo'
mock_creds.user_id='project1_id'
mock_creds.domain_name='domain1'
mock_creds.auth_url = 'http://127.0.0.1:5000'
mock_creds.password = 'foo'
mock_creds.username = 'foo'
mock_creds.user_id = 'project1_id'
mock_creds.domain_name = 'domain1'
Puppet::Provider::Openstack::CredentialsV3.expects(:new).returns(mock_creds)
provider_class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv', ['--user', 'project1_id', '--long'])
described_class.expects(:openstack)
.with('project', 'list', '--quiet', '--format', 'csv',
['--user', 'project1_id', '--long'])
.returns('"ID","Name","Domain ID","Description","Enabled"
')
Puppet::Provider::Openstack.expects(:openstack)
@ -257,7 +249,7 @@ e664a386befa4a30878dcef20e79f167
ac43ec53d5a74a0b9f51523ae41a29f0
')
password = provider.password
expect(password).to eq('foo')
expect(password).to eq('pass_one')
end
end
@ -266,7 +258,6 @@ ac43ec53d5a74a0b9f51523ae41a29f0
describe 'when updating a user with unmanaged password' do
let(:resource_attrs) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
{
:name => 'user1',
:ensure => 'present',
@ -283,7 +274,7 @@ ac43ec53d5a74a0b9f51523ae41a29f0
end
let :provider do
provider_class.new(resource)
described_class.new(resource)
end
it 'should not try to check password' do
@ -294,76 +285,90 @@ ac43ec53d5a74a0b9f51523ae41a29f0
describe 'when managing an user using v3 domains' do
describe '#create' do
before(:each) do
provider_class.expects(:openstack)
.with('user', 'create', '--format', 'shell', ['user1', '--enable', '--password', 'secret', '--email', 'user1@example.com', '--domain', 'domain1'])
.returns('email="user1@example.com"
context 'domain provided' do
before(:each) do
described_class.expects(:openstack)
.with('user', 'create', '--format', 'shell', ['user1', '--enable', '--password', 'secret', '--email', 'user1@example.com', '--domain', 'domain1'])
.returns('email="user1@example.com"
enabled="True"
id="user1_id"
name="user1"
username="user1"
')
end
include_examples 'create the correct resource', [
{
'expected_results' => {
:domain => 'domain1',
:id => 'user1_id',
:name => 'user1',
:domain => 'domain1'
end
include_examples 'create the correct resource', [
{
'expected_results' => {
:id => 'user1_id',
:name => 'user1',
:domain => 'domain1'
}
},
{
'domain in parameter' => {
:name => 'user1',
:ensure => 'present',
:enabled => 'True',
:password => 'secret',
:email => 'user1@example.com',
:domain => 'domain1'
}
},
{
'domain in title' => {
:title => 'user1::domain1',
:ensure => 'present',
:enabled => 'True',
:password => 'secret',
:email => 'user1@example.com'
}
},
{
'domain in parameter override domain in title' => {
:title => 'user1::foobar',
:ensure => 'present',
:enabled => 'True',
:password => 'secret',
:email => 'user1@example.com',
:domain => 'domain1'
}
}
},
{
:name => 'domain1',
:times => 2,
:attributes => {
'Default' => {
:title => 'user1',
]
end
context 'domain not provided' do
before(:each) do
described_class.expects(:openstack)
.with('user', 'create', '--format', 'shell', ['user1', '--enable', '--password', 'secret', '--email', 'user1@example.com', '--domain', 'Default'])
.returns('email="user1@example.com"
enabled="True"
id="user1_id"
name="user1"
username="user1"
')
end
include_examples 'create the correct resource', [
{
'expected_results' => {
:domain => 'Default',
:id => 'user1_id',
:name => 'user1',
}
},
{
'domain in parameter' => {
:name => 'user1',
:ensure => 'present',
:enabled => 'True',
:password => 'secret',
:email => 'user1@example.com'
}
}
},
{
'domain in parameter' => {
:name => 'user1',
:ensure => 'present',
:enabled => 'True',
:password => 'secret',
:email => 'user1@example.com',
:domain => 'domain1',
:default_domain => 1
}
},
{
'domain in title' => {
:title => 'user1::domain1',
:ensure => 'present',
:enabled => 'True',
:password => 'secret',
:email => 'user1@example.com',
:default_domain => 1
}
},
{
'domain in parameter override domain in title' => {
:title => 'user1::foobar',
:ensure => 'present',
:enabled => 'True',
:password => 'secret',
:email => 'user1@example.com',
:domain => 'domain1',
:default_domain => 1
}
},
]
]
end
end
describe '#prefetch' do
let(:resources) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
[
Puppet::Type.type(:keystone_user)
.new(:title => 'exists::domain1', :ensure => :present),
@ -373,13 +378,11 @@ username="user1"
end
before(:each) do
# Used to make the final display name
provider_class.expects(:default_domain).times(3).returns('Default')
provider_class.expects(:domain_name_from_id)
described_class.expects(:domain_name_from_id)
.with('domain1_id').returns('domain1')
provider_class.expects(:domain_name_from_id)
described_class.expects(:domain_name_from_id)
.with('domain2_id').returns('bar')
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'list', '--quiet', '--format', 'csv', ['--long'])
.returns('"ID","Name","Project Id","Domain","Description","Email","Enabled"
"user1_id","exists","project1_id","domain1_id","user1 description","user1@example.com",True
@ -391,7 +394,6 @@ username="user1"
context 'different name, identical resource' do
let(:resources) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
[
Puppet::Type.type(:keystone_user)
.new(:title => 'name::domain_one', :ensure => :present),

151
spec/unit/provider/keystone_user_role/openstack_spec.rb
View File

@ -4,9 +4,7 @@ require 'puppet/provider/keystone_user_role/openstack'
setup_provider_tests
provider_class = Puppet::Type.type(:keystone_user_role).provider(:openstack)
describe provider_class do
describe Puppet::Type.type(:keystone_user_role).provider(:openstack) do
let(:set_env) do
ENV['OS_USERNAME'] = 'test'
@ -17,15 +15,14 @@ describe provider_class do
before(:each) { set_env }
after(:each) { provider_class.reset }
after(:each) { described_class.reset }
describe 'when managing a user\'s role' do
let(:resource_attrs) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
{
:title => 'user1::domain1@project1::domain1',
:ensure => 'present',
:roles => %w(role1 role2)
:title => 'user1::domain1@project1::domain1',
:ensure => 'present',
:roles => %w(role1 role2)
}
end
@ -34,34 +31,34 @@ describe provider_class do
end
let(:provider) do
provider_class.new(resource)
described_class.new(resource)
end
describe '#create' do
before(:each) do
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('role', 'list', '--quiet', '--format', 'csv',
['--project', 'project1_id', '--user', 'user1_id' ])
['--project', 'project1_id', '--user', 'user1_id'])
.returns('"ID","Name","Project","User"
"role1_id","role1","project1","user1"
"role2_id","role2","project1","user1"
')
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('role', 'add',
['role1', '--project', 'project1_id', '--user', 'user1_id'])
provider_class.expects(:openstack)
['role1', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('role', 'add',
['role2', '--project', 'project1_id', '--user', 'user1_id'])
provider_class.expects(:openstack)
['role2', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('project', 'show', '--format', 'shell',
['project1', '--domain', 'domain1'])
['project1', '--domain', 'domain1'])
.returns('name="project1"
id="project1_id"
')
provider_class.expects(:openstack)
described_class.expects(:openstack)
.with('user', 'show', '--format', 'shell',
['user1', '--domain', 'domain1'])
['user1', '--domain', 'domain1'])
.returns('name="user1"
id="user1_id"
')
@ -70,23 +67,11 @@ id="user1_id"
{
'expected_results' => {}
},
{
:name => 'domain1',
:times => 4,
:attributes => {
'Default' => {
:title => 'user1@project1',
:ensure => 'present',
:roles => %w(role1 role2)
}
}
},
{
'all in the title' => {
:title => 'user1::domain1@project1::domain1',
:ensure => 'present',
:roles => %w(role1 role2),
:default_domain => 2
:roles => %w(role1 role2)
}
},
{
@ -94,8 +79,7 @@ id="user1_id"
:title => 'user1::domain1@project1',
:ensure => 'present',
:project_domain => 'domain1',
:roles => %w(role1 role2),
:default_domain => 2
:roles => %w(role1 role2)
}
},
{
@ -104,8 +88,7 @@ id="user1_id"
:ensure => 'present',
:project_domain => 'domain1',
:user_domain => 'domain1',
:roles => %w(role1 role2),
:default_domain => 2
:roles => %w(role1 role2)
}
},
{
@ -113,32 +96,36 @@ id="user1_id"
:title => 'user1@project1::domain1',
:ensure => 'present',
:user_domain => 'domain1',
:roles => %w(role1 role2),
:default_domain => 2
:roles => %w(role1 role2)
}
},
}
]
end
describe '#destroy' do
it 'removes all the roles from a user' do
provider.instance_variable_get('@property_hash')[:roles] = ['role1', 'role2']
provider.class.expects(:openstack)
.with('role', 'remove', ['role1', '--project', 'project1_id', '--user', 'user1_id'])
provider.class.expects(:openstack)
.with('role', 'remove', ['role2', '--project', 'project1_id', '--user', 'user1_id'])
provider.class.expects(:openstack)
.with('project', 'show', '--format', 'shell', ['project1', '--domain', 'domain1'])
described_class.expects(:openstack)
.with('role', 'remove',
['role1', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('role', 'remove',
['role2', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('project', 'show', '--format', 'shell',
['project1', '--domain', 'domain1'])
.returns('name="project1"
id="project1_id"
')
provider.class.expects(:openstack)
.with('user', 'show', '--format', 'shell', ['user1', '--domain', 'domain1'])
described_class.expects(:openstack)
.with('user', 'show', '--format', 'shell',
['user1', '--domain', 'domain1'])
.returns('name="user1"
id="user1_id"
')
provider.class.expects(:openstack)
.with('role', 'list', '--quiet', '--format', 'csv', ['--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('role', 'list', '--quiet', '--format', 'csv',
['--project', 'project1_id', '--user', 'user1_id'])
.returns('"ID","Name","Project","User"
')
provider.destroy
@ -148,19 +135,22 @@ id="user1_id"
describe '#exists' do
subject(:response) do
provider.class.expects(:openstack)
.with('role', 'list', '--quiet', '--format', 'csv', ['--project', 'project1_id', '--user', 'user1_id' ])
described_class.expects(:openstack)
.with('role', 'list', '--quiet', '--format', 'csv',
['--project', 'project1_id', '--user', 'user1_id'])
.returns('"ID","Name","Project","User"
"role1_id","role1","project1","user1"
"role2_id","role2","project1","user1"
')
provider.class.expects(:openstack)
.with('project', 'show', '--format', 'shell', ['project1', '--domain', 'domain1'])
described_class.expects(:openstack)
.with('project', 'show', '--format', 'shell',
['project1', '--domain', 'domain1'])
.returns('name="project1"
id="project1_id"
')
provider.class.expects(:openstack)
.with('user', 'show', '--format', 'shell', ['user1', '--domain', 'domain1'])
described_class.expects(:openstack)
.with('user', 'show', '--format', 'shell',
['user1', '--domain', 'domain1'])
.returns('name="user1"
id="user1_id"
')
@ -180,23 +170,22 @@ id="user1_id"
projectmock = project_class.new(:id => 'project1_id', :name => 'project1')
# 2 for tenant and user and 2 for user_role
Puppet::Provider::Keystone.expects(:default_domain).times(4).returns('Default')
project_class.expects(:instances).with(any_parameters).returns([projectmock])
provider.class.expects(:openstack)
described_class.expects(:openstack)
.with('role', 'list', '--quiet', '--format', 'csv', [])
.returns('"ID","Name"
"role1-id","role1"
"role2-id","role2"
')
provider.class.expects(:openstack)
described_class.expects(:openstack)
.with('role assignment', 'list', '--quiet', '--format', 'csv', [])
.returns('
"Role","User","Group","Project","Domain"
"role1-id","user1_id","","project1_id","Default"
"role2-id","user1_id","","project1_id","Default"
')
instances = provider.class.instances
instances = described_class.instances
expect(instances.count).to eq(1)
expect(instances[0].name).to eq('user1@project1')
expect(instances[0].roles).to eq(['role1', 'role2'])
@ -210,31 +199,36 @@ id="user1_id"
describe '#roles=' do
let(:resource_attrs) do
{
:title => 'foo@foo',
:ensure => 'present',
:roles => ['one', 'two'],
:title => 'user_one@project_one',
:ensure => 'present',
:roles => %w(one two)
}
end
it 'applies new roles' do
Puppet::Provider::Keystone.expects(:default_domain).times(4).returns('Default')
provider.instance_variable_get('@property_hash')[:roles] = ['foo', 'bar']
provider.class.expects(:openstack)
.with('role', 'remove', ['foo', '--project', 'project1_id', '--user', 'user1_id'])
provider.class.expects(:openstack)
.with('role', 'remove', ['bar', '--project', 'project1_id', '--user', 'user1_id'])
provider.class.expects(:openstack)
.with('role', 'add', ['one', '--project', 'project1_id', '--user', 'user1_id'])
provider.class.expects(:openstack)
.with('role', 'add', ['two', '--project', 'project1_id', '--user', 'user1_id'])
provider.class.expects(:openstack)
.with('project', 'show', '--format', 'shell', ['foo', '--domain', 'Default'])
.returns('name="foo"
provider.expects(:roles).returns(%w(role_one role_two))
described_class.expects(:openstack)
.with('role', 'remove',
['role_one', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('role', 'remove',
['role_two', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('role', 'add',
['one', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('role', 'add',
['two', '--project', 'project1_id', '--user', 'user1_id'])
described_class.expects(:openstack)
.with('project', 'show', '--format', 'shell',
['project_one', '--domain', 'Default'])
.returns('name="project_one"
id="project1_id"
')
provider.class.expects(:openstack)
.with('user', 'show', '--format', 'shell', ['foo', '--domain', 'Default'])
.returns('name="foo"
described_class.expects(:openstack)
.with('user', 'show', '--format', 'shell',
['user_one', '--domain', 'Default'])
.returns('name="role_one"
id="user1_id"
')
provider.roles = %w(one two)
@ -243,7 +237,6 @@ id="user1_id"
context 'different name, identical resource' do
let(:resources) do
Puppet::Provider::Keystone.expects(:default_domain).times(4).returns('Default')
[
Puppet::Type.type(:keystone_user_role)
.new(:title => 'user::domain_user@project::domain_project',

8
spec/unit/type/keystone_tenant_spec.rb
View File

@ -13,7 +13,6 @@ describe Puppet::Type.type(:keystone_tenant) do
end
it 'should not accept id property' do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
expect { project }.to raise_error(Puppet::Error,
/This is a read only property/)
end
@ -21,12 +20,11 @@ describe Puppet::Type.type(:keystone_tenant) do
describe 'name::domain' do
include_examples 'parse title correctly',
:name => 'name',
:domain => 'domain',
:calling_default => 1
:domain => 'domain'
end
describe 'name' do
include_examples 'parse title correctly',
:name => 'name', :domain => 'Default', :calling_default => 2
:name => 'name', :domain => 'Default'
end
describe 'name::domain::extra' do
include_examples 'croak on the title'
@ -43,7 +41,6 @@ describe Puppet::Type.type(:keystone_tenant) do
context 'domain autorequire from title' do
let(:project) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_tenant).new(:title => 'tenant::domain_project')
end
describe 'should require the correct domain' do
@ -53,7 +50,6 @@ describe Puppet::Type.type(:keystone_tenant) do
end
context 'domain autorequire from parameter' do
let(:project) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_tenant).new(:title => 'tenant',
:domain => 'domain_project')
end

31
spec/unit/type/keystone_user_role_spec.rb
View File

@ -5,7 +5,6 @@ require 'puppet/type/keystone_user_role'
describe Puppet::Type.type(:keystone_user_role) do
before :each do
Puppet::Provider::Keystone.expects(:default_domain).times(4).returns('Default')
@user_roles = Puppet::Type.type(:keystone_user_role).new(
:title => 'foo@bar',
:roles => ['a', 'b']
@ -33,8 +32,7 @@ describe Puppet::Type.type(:keystone_user_role) do
:user_domain => 'user_domain',
:project => 'project',
:project_domain => 'project_domain',
:domain => PuppetX::Keystone::CompositeNamevar::Unset,
:calling_default => 2
:domain => PuppetX::Keystone::CompositeNamevar::Unset
end
describe "#{user}::user_domain@::domain" do
@ -43,8 +41,7 @@ describe Puppet::Type.type(:keystone_user_role) do
:user_domain => 'user_domain',
:project => PuppetX::Keystone::CompositeNamevar::Unset,
:project_domain => PuppetX::Keystone::CompositeNamevar::Unset,
:domain => 'domain',
:calling_default => 2
:domain => 'domain'
end
describe "#{user}::user_domain@project" do
@ -53,8 +50,7 @@ describe Puppet::Type.type(:keystone_user_role) do
:user_domain => 'user_domain',
:project => 'project',
:project_domain => 'Default',
:domain => PuppetX::Keystone::CompositeNamevar::Unset,
:calling_default => 3
:domain => PuppetX::Keystone::CompositeNamevar::Unset
end
describe "#{user}@project::project_domain" do
@ -63,8 +59,7 @@ describe Puppet::Type.type(:keystone_user_role) do
:user_domain => 'Default',
:project => 'project',
:project_domain => 'project_domain',
:domain => PuppetX::Keystone::CompositeNamevar::Unset,
:calling_default => 3
:domain => PuppetX::Keystone::CompositeNamevar::Unset
end
describe "#{user}@::domain" do
@ -73,8 +68,7 @@ describe Puppet::Type.type(:keystone_user_role) do
:user_domain => 'Default',
:project => PuppetX::Keystone::CompositeNamevar::Unset,
:project_domain => PuppetX::Keystone::CompositeNamevar::Unset,
:domain => 'domain',
:calling_default => 3
:domain => 'domain'
end
describe "#{user}@project" do
@ -83,8 +77,7 @@ describe Puppet::Type.type(:keystone_user_role) do
:user_domain => 'Default',
:project => 'project',
:project_domain => 'Default',
:domain => PuppetX::Keystone::CompositeNamevar::Unset,
:calling_default => 4
:domain => PuppetX::Keystone::CompositeNamevar::Unset
end
describe "#{user}@proj:ect" do
@ -93,8 +86,7 @@ describe Puppet::Type.type(:keystone_user_role) do
:user_domain => 'Default',
:project => 'proj:ect',
:project_domain => 'Default',
:domain => PuppetX::Keystone::CompositeNamevar::Unset,
:calling_default => 4
:domain => PuppetX::Keystone::CompositeNamevar::Unset
end
end
describe 'name::domain::foo@project' do
@ -115,37 +107,29 @@ describe Puppet::Type.type(:keystone_user_role) do
describe '#autorequire' do
let(:project_good) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
Puppet::Type.type(:keystone_tenant).new(:title => 'bar')
end
let(:project_good_ml) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
Puppet::Type.type(:keystone_tenant).new(:title => 'blah',
:name => 'bar')
end
let(:project_good_fq) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_tenant).new(:title => 'bar::Default')
end
let(:project_bad) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_tenant).new(:title => 'bar::other_domain')
end
let(:user_good) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
Puppet::Type.type(:keystone_user).new(:title => 'foo')
end
let(:user_good_ml) do
Puppet::Provider::Keystone.expects(:default_domain).twice.returns('Default')
Puppet::Type.type(:keystone_user).new(:title => 'blah',
:name => 'foo')
end
let(:user_good_fq) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_user).new(:title => 'foo::Default')
end
let(:user_bad) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_user).new(:title => 'foo::other_domain')
end
let(:domain) do
@ -201,7 +185,6 @@ describe Puppet::Type.type(:keystone_user_role) do
describe 'parameter conflict' do
let(:user_roles) do
Puppet::Provider::Keystone.expects(:default_domain).at_least(0).returns('Default')
Puppet::Type.type(:keystone_user_role).new(
:title => 'user@::domain',
:project => 'project',

6
spec/unit/type/keystone_user_spec.rb
View File

@ -6,11 +6,11 @@ describe Puppet::Type.type(:keystone_user) do
describe 'name::domain' do
include_examples 'parse title correctly',
:name => 'name', :domain => 'domain', :calling_default => 1
:name => 'name', :domain => 'domain'
end
describe 'name' do
include_examples 'parse title correctly',
:name => 'name', :domain => 'Default', :calling_default => 2
:name => 'name', :domain => 'Default'
end
describe 'name::domain::foo' do
include_examples 'croak on the title'
@ -27,7 +27,6 @@ describe Puppet::Type.type(:keystone_user) do
context 'domain autorequire from title' do
let(:user) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_user).new(:title => 'foo::domain_user')
end
describe 'should require the correct domain' do
@ -37,7 +36,6 @@ describe Puppet::Type.type(:keystone_user) do
end
context 'domain autorequire from parameter' do
let(:user) do
Puppet::Provider::Keystone.expects(:default_domain).returns('Default')
Puppet::Type.type(:keystone_user).new(
:title => 'foo',
:domain => 'domain_user'