Use an Anchor when service is managed

Today, Keystone resources (domains, tenants, etc) are created only if
'keystone' service is started.
When running Keystone in WSGI, the autorequire is broken for those
resources.
Adding 'httpd' in autorequire is not enough because it could fail to
orchestration issues if running another httpd resource (Horizon) that
depends on having Keystone started.

This patch is about to create an Anchor (keystone_started) in
keystone::service that require Service['keystone'] resource to be
created.
In resource types, change the autorequire to depend on the new Anchor.

With that patch, we are sure Keystone resources won't be created before
service is actually managed (running or stopped) and other resources
(Horizon, using httpd server) can also depend on this Anchor if needed.

Change-Id: Ie72b65b6be224cadc8730e050bec38d2face5dfd
Closes-bug: #1474059

lib/puppet/type/keystone_domain.rb

@@ -46,8 +46,8 @@ Puppet::Type.newtype(:keystone_domain) do
   end
 
   # we should not do anything until the keystone service is started
-  autorequire(:service) do
-    'keystone'
+  autorequire(:anchor) do
+    ['keystone_started']
   end
 
 

lib/puppet/type/keystone_endpoint.rb

@@ -31,8 +31,8 @@ Puppet::Type.newtype(:keystone_endpoint) do
   end
 
   # we should not do anything until the keystone service is started
-  autorequire(:service) do
-    ['keystone']
+  autorequire(:anchor) do
+    ['keystone_started']
   end
 
   autorequire(:keystone_service) do

lib/puppet/type/keystone_role.rb

@@ -22,7 +22,7 @@ Puppet::Type.newtype(:keystone_role) do
   end
 
   # we should not do anything until the keystone service is started
-  autorequire(:service) do
-    ['keystone']
+  autorequire(:anchor) do
+    ['keystone_started']
   end
 end

lib/puppet/type/keystone_service.rb

@@ -35,7 +35,7 @@ Puppet::Type.newtype(:keystone_service) do
   # config is configured IF we need them for authentication.
   # If there is no keystone config, authentication credentials
   # need to come from another source.
-  autorequire(:service) do
-    ['keystone']
+  autorequire(:anchor) do
+    ['keystone_started']
   end
 end

lib/puppet/type/keystone_tenant.rb

@@ -53,7 +53,7 @@ Puppet::Type.newtype(:keystone_tenant) do
   # config is configured IF we need them for authentication.
   # If there is no keystone config, authentication credentials
   # need to come from another source.
-  autorequire(:service) do
-    ['keystone']
+  autorequire(:anchor) do
+    ['keystone_started']
   end
 end

lib/puppet/type/keystone_user.rb

@@ -101,7 +101,7 @@ Puppet::Type.newtype(:keystone_user) do
   end
 
   # we should not do anything until the keystone service is started
-  autorequire(:service) do
-    ['keystone']
+  autorequire(:anchor) do
+    ['keystone_started']
   end
 end

lib/puppet/type/keystone_user_role.rb

@@ -59,7 +59,7 @@ Puppet::Type.newtype(:keystone_user_role) do
   end
 
   # we should not do anything until the keystone service is started
-  autorequire(:service) do
-    ['keystone']
+  autorequire(:anchor) do
+    ['keystone_started']
   end
 end

manifests/init.pp

@@ -978,4 +978,7 @@ class keystone(
       }
     }
   }
+  anchor { 'keystone_started':
+    require => Service[$service_name]
+  }
 }

spec/classes/keystone_spec.rb

@@ -243,6 +243,8 @@ describe 'keystone' do
         'hasrestart' => true
       ) }
 
+      it { is_expected.to contain_anchor('keystone_started') }
+
     end
   end
 
@@ -290,6 +292,7 @@ describe 'keystone' do
       'hasstatus'  => true,
       'hasrestart' => true
     ) }
+    it { is_expected.to contain_anchor('keystone_started') }
   end
 
   describe 'when configuring signing token provider' do