Add association of the admin user to a domain.
If the user specifies target_admin_domain, then the admin user will be an admin in that domain. Change-Id: Ia0661f9ab8807a96d3c7de22de4e4624db9e7f28 Closes-bug: 1589933
parent
174d257981
commit
beab6cecff
@ -53,6 +53,11 @@
|
||||
# Optional. Domain of the admin user
|
||||
# Defaults to undef (undef will resolve to class keystone $default_domain)
|
||||
#
|
||||
# [*target_admin_domain*]
|
||||
# Optional. Domain where the admin user will have the $admin_role
|
||||
# Defaults to undef (undef will not associate the $admin_role to any
|
||||
# domain, only project)
|
||||
#
|
||||
# [*admin_project_domain*]
|
||||
# Optional. Domain of the admin tenant
|
||||
# Defaults to undef (undef will resolve to class keystone $default_domain)
|
||||
@ -85,11 +90,12 @@ class keystone::roles::admin(
|
||||
$admin_user_domain = undef,
|
||||
$admin_project_domain = undef,
|
||||
$service_project_domain = undef,
|
||||
$target_admin_domain = undef,
|
||||
) {
|
||||
|
||||
include ::keystone::deps
|
||||
|
||||
$domains = unique(delete_undef_values([ $admin_user_domain, $admin_project_domain, $service_project_domain]))
|
||||
$domains = unique(delete_undef_values([ $admin_user_domain, $admin_project_domain, $service_project_domain, $target_admin_domain]))
|
||||
keystone_domain { $domains:
|
||||
ensure => present,
|
||||
enabled => true,
|
||||
@ -131,6 +137,15 @@ class keystone::roles::admin(
|
||||
roles => $admin_roles,
|
||||
}
|
||||
Keystone_user_role["${admin}@${admin_tenant}"] -> File<| tag == 'openrc' |>
|
||||
|
||||
if $target_admin_domain {
|
||||
keystone_user_role { "${admin}@::${target_admin_domain}":
|
||||
ensure => present,
|
||||
user_domain => $admin_user_domain,
|
||||
roles => $admin_roles,
|
||||
}
|
||||
Keystone_user_role["${admin}@::${target_admin_domain}"] -> File<| tag == 'openrc' |>
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
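Review bot: The parameter documentation in the first hunk does not mention two effects of setting `$target_admin_domain`: the second hunk adds it to `$domains`, so the class declares a `keystone_domain` for it with `ensure => present` and `enabled => true`, and the third hunk grants `$admin_roles` across that whole domain. Since this is a domain-wide privilege grant, I would spell it out, e.g. `# Optional. Domain on which the admin user is granted $admin_roles (domain scope).` followed by `# The domain is declared with ensure => present and enabled => true.`. The doc also says `$admin_role`, while the code passes `$admin_roles`. The new `if $target_admin_domain` appears to sit inside an enclosing block that opens outside the hunk, so the grant may also depend on that outer condition; if so, the doc should say that too.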
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- Implement `bug 1589933
|
||||
<https://bugs.launchpad.net/puppet-keystone/+bug/1589933>`__ so now
|
||||
one associate the admin to admin_role for an entire domain if it
|
||||
uses the target_admin_domain parameter in the auth.pp class.
|
@ -193,4 +193,26 @@ describe 'keystone::roles::admin' do
|
||||
end
|
||||
it { is_expected.to contain_keystone_domain('admin_domain') }
|
||||
end
|
||||
|
||||
describe 'when specifying a target admin domain' do
|
||||
let :params do
|
||||
{
|
||||
:email => 'foo@bar',
|
||||
:password => 'ChangeMe',
|
||||
:admin_user_domain => 'admin_domain',
|
||||
:admin_project_domain => 'admin_domain',
|
||||
:target_admin_domain => 'admin_domain_target'
|
||||
}
|
||||
end
|
||||
let(:pre_condition) { 'file { "/root/openrc": tag => ["openrc"]}' }
|
||||
it { is_expected.to contain_keystone_domain('admin_domain_target') }
|
||||
it { is_expected.to contain_keystone_user_role('admin@::admin_domain_target')
|
||||
.with(
|
||||
:roles => ['admin'],
|
||||
:ensure => 'present',
|
||||
:user_domain => 'admin_domain',
|
||||
)
|
||||
.that_comes_before('File[/root/openrc]')
|
||||
}
|
||||
end
|
||||
end
|
||||
|
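Review bot: The new context only asserts the positive case, so nothing pins that the domain-scoped role assignment is absent when `target_admin_domain` is left unset. Because this assignment widens the admin user's privileges, I would add a negative expectation in a context that omits the parameter, e.g. `it { is_expected.not_to contain_keystone_user_role('admin@::admin_domain_target') }`, or a `have_keystone_user_role_resource_count(...)` check with whatever count the class declares by default. The enclosing `describe 'keystone::roles::admin'` block starts outside the hunk, so an existing default context may be the right place for it.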