Enable credential setup by default

Credential setup should have been enabled by default when the credential feature in keystone become available in in UCA but we missed updating the parameter default. This change updates the parameter because the credential parameter is available in UCA as well. Change-Id: I56bcc20d69110f25645c13230036341a9c5c519b
2021-12-13 22:55:56 +09:00 · 2021-12-13 22:55:56 +09:00 · b4e600bbd0
commit b4e600bbd0
parent c1e3ff8c48
3 changed files with 33 additions and 20 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -283,8 +283,6 @@
 #   order to let Puppet manage Keystone keys in a consistent way, otherwise
 #   keystone-manage will generate different set of keys on keystone nodes and the
 #   service won't work.
-#   This feature was added at the end of Newton. The default value is now False
-#   by default but will switch to True once UCA will have latest Keystone version.
 #   Defaults to False
 #
 # [*credential_key_repository*]
@ -460,7 +458,7 @@ class keystone(
  $fernet_max_active_keys               = $::os_service_default,
  $fernet_keys                          = false,
  $fernet_replace_keys                  = true,
-  $enable_credential_setup              = false,
+  $enable_credential_setup              = true,
  $credential_key_repository            = '/etc/keystone/credential-keys',
  $credential_keys                      = false,
  $default_domain                       = undef,
--- a/releasenotes/notes/enable-credental-setup-by-default-98fcc7d80cfdb39a.yaml
+++ b/releasenotes/notes/enable-credental-setup-by-default-98fcc7d80cfdb39a.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Default value of the ``keystone::enable_credential_setup`` parameter has
+    been updated from ``false`` to ``true``.
--- a/spec/classes/keystone_init_spec.rb
+++ b/spec/classes/keystone_init_spec.rb
@ -101,6 +101,21 @@ describe 'keystone' do
      it { is_expected.to contain_exec('keystone-manage db_sync') }

      it { is_expected.to_not contain_file('/etc/keystone/domains') }
+
+      it { is_expected.to contain_file('/etc/keystone/credential-keys').with(
+        :ensure => 'directory',
+        :owner  => 'keystone',
+        :group  => 'keystone',
+        'mode'  => '0600',
+      ) }
+
+      it { is_expected.to contain_exec('keystone-manage credential_setup').with(
+        :command => 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone',
+        :user    => 'keystone',
+        :creates => '/etc/keystone/credential-keys/0',
+        :require => 'File[/etc/keystone/credential-keys]',
+      ) }
+      it { is_expected.to contain_keystone_config('credential/key_repository').with_value('/etc/keystone/credential-keys')}
    end

    context 'with overridden parameters' do
@ -309,28 +324,16 @@ describe 'keystone' do
      ) }
    end

-    context 'when enabling credential_setup' do
+    context 'when disabling credential_setup' do
      let :params do
        {
-          'enable_credential_setup'   => true,
-          'credential_key_repository' => '/etc/keystone/credential-keys',
+          'enable_credential_setup' => false,
        }
      end

-      it { is_expected.to contain_file(params['credential_key_repository']).with(
-        :ensure => 'directory',
-        :owner  => 'keystone',
-        :group  => 'keystone',
-        'mode'  => '0600',
-      ) }
-
-      it { is_expected.to contain_exec('keystone-manage credential_setup').with(
-        :command => 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone',
-        :user    => 'keystone',
-        :creates => '/etc/keystone/credential-keys/0',
-        :require => 'File[/etc/keystone/credential-keys]',
-      ) }
-      it { is_expected.to contain_keystone_config('credential/key_repository').with_value('/etc/keystone/credential-keys')}
+      it { is_expected.to_not contain_file('/etc/keystone/credential-keys') }
+      it { is_expected.to_not contain_exec('keystone-manage credential_setup') }
+      it { is_expected.to contain_keystone_config('credential/key_repository').with_value('/etc/keystone/credential-keys') }
    end

    context 'when overriding the credential key directory' do
@ -341,9 +344,16 @@ describe 'keystone' do
        }
      end

+      it { is_expected.to contain_file('/var/lib/credential-keys').with(
+        :ensure => 'directory',
+        :owner  => 'keystone',
+        :group  => 'keystone',
+        'mode'  => '0600',
+      ) }
      it { is_expected.to contain_exec('keystone-manage credential_setup').with(
        :creates => '/var/lib/credential-keys/0'
      ) }
+      it { is_expected.to contain_keystone_config('credential/key_repository').with_value('/var/lib/credential-keys') }
    end

    context 'when overriding the keystone group and user' do