roles/admin.pp: Allow one to specify various $admin_roles

Currently, there is no way to specify various admin roles, just 'admin'. This PR aims to make this behavior more flexible. Change-Id: I3acba631008b736c7d2d383b86ee97560b589512
2014-10-31 16:26:45 -04:00
parent 3f64ee48fa
commit bbcfa72837
2 changed files with 6 additions and 3 deletions
--- a/manifests/roles/admin.pp
+++ b/manifests/roles/admin.pp
@@ -12,6 +12,7 @@
 #
 # [email] The email address for the admin. Required.
 # [password] The admin password. Required.
+# [admin_roles] The list of the roles with admin privileges. Optional. Defaults to ['admin'].
 # [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack.
 # [admin] Admin user. Optional. Defaults to admin.
 # [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
@@ -35,6 +36,7 @@ class keystone::roles::admin(
  $password,
  $admin                  = 'admin',
  $admin_tenant           = 'openstack',
+  $admin_roles            = ['admin'],
  $service_tenant         = 'services',
  $ignore_default_tenant  = false,
  $admin_tenant_desc      = 'admin tenant',
@@ -71,7 +73,7 @@ class keystone::roles::admin(
  if $configure_user_role {
    keystone_user_role { "${admin}@${admin_tenant}":
      ensure => present,
-      roles  => 'admin',
+      roles  => $admin_roles,
    }
  }

--- a/spec/classes/keystone_roles_admin_spec.rb
+++ b/spec/classes/keystone_roles_admin_spec.rb
@@ -31,7 +31,7 @@ describe 'keystone::roles::admin' do
    )}
    it { should contain_keystone_role('admin').with_ensure('present') }
    it { should contain_keystone_user_role('admin@openstack').with(
-      :roles  => 'admin',
+      :roles  => ['admin'],
      :ensure => 'present'
    )}

@@ -45,6 +45,7 @@ describe 'keystone::roles::admin' do
        :email                  => 'foo@baz',
        :password               => 'foo',
        :admin_tenant           => 'admin',
+        :admin_roles            => ['admin', 'heat_stack_owner'],
        :service_tenant         => 'foobar',
        :ignore_default_tenant  => 'true',
        :admin_tenant_desc      => 'admin something else',
@@ -71,7 +72,7 @@ describe 'keystone::roles::admin' do
      :ignore_default_tenant  => 'true'
    )}
    it { should contain_keystone_user_role('admin@admin').with(
-      :roles  => 'admin',
+      :roles  => ['admin', 'heat_stack_owner'],
      :ensure => 'present'
    )}