diff --git a/manifests/cron/token_flush.pp b/manifests/cron/token_flush.pp index 6dba32b47..565e0c0e9 100644 --- a/manifests/cron/token_flush.pp +++ b/manifests/cron/token_flush.pp @@ -49,6 +49,10 @@ # (optional) Path to file to which rows should be archived # Defaults to '/var/log/keystone/keystone-tokenflush.log'. # +# [*user*] +# (optional) Defaults to 'keystone'. +# Allow to run the crontab on behalf any user. +# class keystone::cron::token_flush ( $ensure = present, $minute = 1, @@ -57,7 +61,8 @@ class keystone::cron::token_flush ( $month = '*', $weekday = '*', $maxdelay = 0, - $destination = '/var/log/keystone/keystone-tokenflush.log' + $destination = '/var/log/keystone/keystone-tokenflush.log', + $user = 'keystone', ) { if $maxdelay == 0 { @@ -70,11 +75,12 @@ class keystone::cron::token_flush ( ensure => $ensure, command => "${sleep}keystone-manage token_flush >>${destination} 2>&1", environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', - user => 'keystone', + user => $user, minute => $minute, hour => $hour, monthday => $monthday, month => $month, - weekday => $weekday + weekday => $weekday, + require => Package['keystone'], } } diff --git a/manifests/db/sync.pp b/manifests/db/sync.pp index 50492a426..48128eb48 100644 --- a/manifests/db/sync.pp +++ b/manifests/db/sync.pp @@ -19,7 +19,6 @@ class keystone::db::sync( user => 'keystone', refreshonly => true, subscribe => [Package['keystone'], Keystone_config['database/connection']], - require => User['keystone'], } Exec['keystone-manage db_sync'] ~> Service<| title == 'keystone' |> diff --git a/manifests/init.pp b/manifests/init.pp index 85d706969..a362bfcb1 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -651,33 +651,14 @@ class keystone( } } - group { 'keystone': - ensure => present, - system => true, - require => Package['keystone'], - } - - user { 'keystone': - ensure => 'present', - gid => 'keystone', - system => true, - require => Package['keystone'], - } - file { ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone']: ensure => directory, - mode => '0750', - owner => 'keystone', - group => 'keystone', require => Package['keystone'], notify => Service[$service_name], } file { '/etc/keystone/keystone.conf': ensure => present, - mode => '0600', - owner => 'keystone', - group => 'keystone', require => Package['keystone'], notify => Service[$service_name], } @@ -812,12 +793,10 @@ class keystone( if $enable_pki_setup { exec { 'keystone-manage pki_setup': path => '/usr/bin', - user => 'keystone', refreshonly => true, creates => $signing_keyfile, notify => Service[$service_name], subscribe => Package['keystone'], - require => User['keystone'], } } @@ -939,7 +918,6 @@ class keystone( validate_string($fernet_key_repository) exec { 'keystone-manage fernet_setup': path => '/usr/bin', - user => 'keystone', refreshonly => true, creates => "${fernet_key_repository}/0", notify => Service[$service_name], diff --git a/spec/classes/keystone_cron_token_flush_spec.rb b/spec/classes/keystone_cron_token_flush_spec.rb index 3560e00a5..0f9dc63d8 100644 --- a/spec/classes/keystone_cron_token_flush_spec.rb +++ b/spec/classes/keystone_cron_token_flush_spec.rb @@ -28,7 +28,8 @@ describe 'keystone::cron::token_flush' do :hour => params[:hour], :monthday => params[:monthday], :month => params[:month], - :weekday => params[:weekday] + :weekday => params[:weekday], + :require => 'Package[keystone]', ) end end @@ -50,7 +51,31 @@ describe 'keystone::cron::token_flush' do :hour => params[:hour], :monthday => params[:monthday], :month => params[:month], - :weekday => params[:weekday] + :weekday => params[:weekday], + :require => 'Package[keystone]', + ) + end + end + + describe 'when specifying a user param' do + let :params do + { + :user => 'keystonecustom' + } + end + + it 'configures a cron with delay' do + is_expected.to contain_cron('keystone-manage token_flush').with( + :ensure => 'present', + :command => 'keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1', + :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', + :user => 'keystonecustom', + :minute => 1, + :hour => 0, + :monthday => '*', + :month => '*', + :weekday => '*', + :require => 'Package[keystone]', ) end end @@ -72,7 +97,8 @@ describe 'keystone::cron::token_flush' do :hour => params[:hour], :monthday => params[:monthday], :month => params[:month], - :weekday => params[:weekday] + :weekday => params[:weekday], + :require => 'Package[keystone]', ) end end diff --git a/spec/classes/keystone_db_sync_spec.rb b/spec/classes/keystone_db_sync_spec.rb index bedc14c8b..c5f82a00c 100644 --- a/spec/classes/keystone_db_sync_spec.rb +++ b/spec/classes/keystone_db_sync_spec.rb @@ -9,7 +9,6 @@ describe 'keystone::db::sync' do :user => 'keystone', :refreshonly => true, :subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'], - :require => 'User[keystone]' ) } end @@ -27,7 +26,6 @@ describe 'keystone::db::sync' do :user => 'keystone', :refreshonly => true, :subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'], - :require => 'User[keystone]' ) } end diff --git a/spec/classes/keystone_spec.rb b/spec/classes/keystone_spec.rb index 4d5164d25..d17ba13ec 100644 --- a/spec/classes/keystone_spec.rb +++ b/spec/classes/keystone_spec.rb @@ -127,24 +127,10 @@ describe 'keystone' do 'ensure' => param_hash['client_package_ensure'], ) } - it { is_expected.to contain_group('keystone').with( - 'ensure' => 'present', - 'system' => true - ) } - - it { is_expected.to contain_user('keystone').with( - 'ensure' => 'present', - 'gid' => 'keystone', - 'system' => true - ) } - it 'should contain the expected directories' do ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d| is_expected.to contain_file(d).with( 'ensure' => 'directory', - 'owner' => 'keystone', - 'group' => 'keystone', - 'mode' => '0750', 'require' => 'Package[keystone]' ) end @@ -157,7 +143,6 @@ describe 'keystone' do :user => 'keystone', :refreshonly => true, :subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'], - :require => 'User[keystone]' ) end end