Simplify validations of domain specific backends

Currently we assert raw resources but this is redundant because these resources are created by the keystone class. We can assert the required definition at the class interface layer. Also creationg of domain config directory is duplicate and can be handled in a single place. Change-Id: I1c3c977dd4ac7439eec8e7278b857d606f1a25f3
2023-05-17 11:08:07 +09:00 · 2023-05-17 11:08:07 +09:00 · c478a37776
commit c478a37776
parent 6c2a161721
3 changed files with 26 additions and 70 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -709,35 +709,21 @@ class keystone(
  if $using_domain_config {
    validate_legacy(Stdlib::Compat::Absolute_path, 'validate_absolute_path', $domain_config_directory)

-    # Better than ensure resource.  We don't want to conflict with any
-    # user definition even if they don't match exactly our parameters.
-    # The error catching mechanism in the provider will remind them if
-    # they did something silly, like defining a file rather than a
-    # directory.  For the permission it's their choice.
-    if (!defined(File[$domain_config_directory])) {
-      file { $domain_config_directory:
-        ensure  => directory,
-        owner   => $keystone_user,
-        group   => $keystone_group,
-        mode    => '0750',
-        require => Anchor['keystone::install::end'],
-      }
-      if $manage_service {
-        File[$domain_config_directory] ~> Service[$service_name]
-      }
+    file { $domain_config_directory:
+      ensure  => directory,
+      owner   => $keystone_user,
+      group   => $keystone_group,
+      mode    => '0750',
+      require => Anchor['keystone::install::end'],
+    }
+
+    if $manage_service {
+      File[$domain_config_directory] ~> Service[$service_name]
+    }
+
+    keystone_config {
+      'identity/domain_specific_drivers_enabled': value => true;
+      'identity/domain_config_dir':               value => $domain_config_directory;
    }
-    # Here we want the creation to fail if the user has created those
-    # resources with different values. That means that the user
-    # wrongly uses using_domain_config parameter.
-    ensure_resource(
-      'keystone_config',
-      'identity/domain_specific_drivers_enabled',
-      {'value' => true}
-    )
-    ensure_resource(
-      'keystone_config',
-      'identity/domain_config_dir',
-      {'value' => $domain_config_directory}
-    )
  }
 }
--- a/manifests/ldap_backend.pp
+++ b/manifests/ldap_backend.pp
@ -305,25 +305,12 @@ define keystone::ldap_backend(
  validate_legacy(Boolean, 'validate_bool', $manage_packages)
  validate_legacy(Boolean, 'validate_bool', $create_domain_entry)

-  $domain_enabled = getparam(Keystone_config['identity/domain_specific_drivers_enabled'], 'value')
-  $domain_dir_enabled = getparam(Keystone_config['identity/domain_config_dir'], 'value')
-  $err_msg = "You should add \"using_domain_config => true\" parameter to your Keystone class, \
-got \"${domain_enabled}\" for identity/domain_specific_drivers_enabled \
-and \"${domain_dir_enabled}\" for identity/domain_config_dir"
-
-  if(bool2num($domain_enabled) == 0) {
-    fail($err_msg)
+  if !defined(Class[keystone]) {
+    fail('The keystone class should be included before this class')
  }

-  validate_legacy(Pattern[/^\/.+/], 'validate_re', $domain_dir_enabled, [$err_msg])
-
-  if (!defined(File[$domain_dir_enabled])) {
-    ensure_resource('file', $domain_dir_enabled, {
-      ensure  => directory,
-      owner   => $::keystone::params::user,
-      group   => $::keystone::params::group,
-      mode    => '0750',
-    })
+  if ! $::keystone::using_domain_config {
+    fail('Domain specific drivers are not enabled. Set keystone::using_domain_config to true.')
  }

  $domain = $name
--- a/spec/defines/keystone_ldap_backend_spec.rb
+++ b/spec/defines/keystone_ldap_backend_spec.rb
@ -7,14 +7,9 @@ describe 'keystone::ldap_backend' do
      let(:title) { 'Default' }
      let(:pre_condition) do
        <<-EOM
-        exec { 'restart_keystone':
-          path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'],
-          command     => "service ${service_name_real} restart",
-          refreshonly => true,
+        class { 'keystone':
+          using_domain_config => true
        }
-        keystone_config {'identity/domain_specific_drivers_enabled': value => true}
-        keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
-        file {'/etc/keystone/keystone.conf': ensure => present }
        EOM
      end

@ -170,9 +165,9 @@ describe 'keystone::ldap_backend' do
      end
      let(:pre_condition) do
        <<-EOM
-        keystone_config {'identity/domain_specific_drivers_enabled': value => true}
-        keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
-        file {'/etc/keystone/keystone.conf': ensure => present }
+        class { 'keystone':
+          using_domain_config => true
+        }
        EOM
      end
      it 'should use the domain from the title' do
@ -183,22 +178,10 @@ describe 'keystone::ldap_backend' do

    context 'checks' do
      let(:title) { 'domain' }
-      context 'Missing identity/domain_specific_drivers_enabled' do
+      context 'with domain specific drivers disabled' do
        let(:pre_condition) do
        <<-EOM
-        keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'}
-        file {'/etc/keystone/keystone.conf': ensure => present }
-        EOM
-        end
-
-        it { should raise_error(Puppet::Error) }
-      end
-
-      context 'Missing identity/domain_config_dir' do
-        let(:pre_condition) do
-        <<-EOM
-        keystone_config {'identity/domain_specific_drivers_enabled': value => true}
-        file {'/etc/keystone/keystone.conf': ensure => present }
+        class { 'keystone': }
        EOM
        end