openstack/puppet-keystone
Code Issues Proposed changes

Move Authtoken to $::os_service_default

Browse Source 
This patch aims to move the authtoken define
to use $::os_service_default

Change-Id: Ifd6db1e44242404f5058a8ee4fa1d382eb575108
This commit is contained in:
Iury Gregory Melo Ferreira 2016-06-17 00:01:11 -03:00
parent 50cdfe9678
commit e5754d9809
3 changed files with 108 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
manifests/resource/authtoken.pp
View File

@ -44,93 +44,89 @@
# == Parameters: # == Parameters:
# #
# [*name*] # [*name*]
# The name of the resource corresponding to the config file. For example, # (Required) The name of the resource corresponding to the config file. For example,
# keystone::resource::authtoken { 'glance_api_config': ... } # keystone::resource::authtoken { 'glance_api_config': ... }
# Where 'glance_api_config' is the name of the resource used to manage # Where 'glance_api_config' is the name of the resource used to manage
# the glance api configuration. # the glance api configuration. string;
# string; required
# #
# [*username*] # [*username*]
# The name of the service user; # (Required) The name of the service user; string;
# string; required
# #
# [*password*] # [*password*]
# Password to create for the service user; # (Required) Password to create for the service user; string;
# string; required
# #
# [*auth_url*] # [*auth_url*]
# The URL to use for authentication. # (Required) The URL to use for authentication. string;
# string; required
# #
# [*auth_plugin*] # [*auth_plugin*]
# The plugin to use for authentication. # (Optional) The plugin to use for authentication. string;
# string; optional: default to 'password' # Defaults to 'password'
# #
# [*user_id*] # [*user_id*]
# The ID of the service user; # (Optional) The ID of the service user;
# string; optional: default to undef # string; Defaults to $::os_service_default
# #
# [*user_domain_name*] # [*user_domain_name*]
# (Optional) Name of domain for $username # (Optional) Name of domain for $username
# Defaults to undef # Defaults to $::os_service_default
# #
# [*user_domain_id*] # [*user_domain_id*]
# (Optional) ID of domain for $username # (Optional) ID of domain for $username
# Defaults to undef # Defaults to $::os_service_default
# #
# [*project_name*] # [*project_name*]
# Service project name; # (Optional) Service project name; string;
# string; optional: default to undef # Defaults to $::os_service_default
# #
# [*project_id*] # [*project_id*]
# Service project ID; # (Optional) Service project ID;
# string; optional: default to undef # string; Defaults to $::os_service_default
# #
# [*project_domain_name*] # [*project_domain_name*]
# (Optional) Name of domain for $project_name # (Optional) Name of domain for $project_name
# Defaults to undef # Defaults to $::os_service_default
# #
# [*project_domain_id*] # [*project_domain_id*]
# (Optional) ID of domain for $project_name # (Optional) ID of domain for $project_name
# Defaults to undef # Defaults to $::os_service_default
# #
# [*domain_name*] # [*domain_name*]
# (Optional) Use this for auth to obtain a domain-scoped token. # (Optional) Use this for auth to obtain a domain-scoped token.
# If using this option, do not specify $project_name or $project_id. # If using this option, do not specify $project_name or $project_id.
# Defaults to undef # Defaults to $::os_service_default
# #
# [*domain_id*] # [*domain_id*]
# (Optional) Use this for auth to obtain a domain-scoped token. # (Optional) Use this for auth to obtain a domain-scoped token.
# If using this option, do not specify $project_name or $project_id. # If using this option, do not specify $project_name or $project_id.
# Defaults to undef # Defaults to $::os_service_default
# #
# [*default_domain_name*] # [*default_domain_name*]
# (Optional) Name of domain for $username and $project_name # (Optional) Name of domain for $username and $project_name
# If user_domain_name is not specified, use $default_domain_name # If user_domain_name is not specified, use $default_domain_name
# If project_domain_name is not specified, use $default_domain_name # If project_domain_name is not specified, use $default_domain_name
# Defaults to undef # Defaults to $::os_service_default
# #
# [*default_domain_id*] # [*default_domain_id*]
# (Optional) ID of domain for $user_id and $project_id # (Optional) ID of domain for $user_id and $project_id
# If user_domain_id is not specified, use $default_domain_id # If user_domain_id is not specified, use $default_domain_id
# If project_domain_id is not specified, use $default_domain_id # If project_domain_id is not specified, use $default_domain_id
# Defaults to undef # Defaults to $::os_service_default
# #
# [*trust_id*] # [*trust_id*]
# (Optional) Trust ID # (Optional) Trust ID
# Defaults to undef # Defaults to $::os_service_default
# #
# [*cacert*] # [*cacert*]
# (Optional) CA certificate file for TLS (https) # (Optional) CA certificate file for TLS (https)
# Defaults to undef # Defaults to $::os_service_default
# #
# [*cert*] # [*cert*]
# (Optional) Certificate file for TLS (https) # (Optional) Certificate file for TLS (https)
# Defaults to undef # Defaults to $::os_service_default
# #
# [*key*] # [*key*]
# (Optional) Key file for TLS (https) # (Optional) Key file for TLS (https)
# Defaults to undef # Defaults to $::os_service_default
# #
# [*insecure*] # [*insecure*]
# If true, explicitly allow TLS without checking server cert against any # If true, explicitly allow TLS without checking server cert against any
@ -142,114 +138,82 @@ define keystone::resource::authtoken(
$password, $password,
$auth_url, $auth_url,
$auth_plugin = 'password', $auth_plugin = 'password',
$user_id = undef, $user_id = $::os_service_default,
$user_domain_name = undef, $user_domain_name = $::os_service_default,
$user_domain_id = undef, $user_domain_id = $::os_service_default,
$project_name = undef, $project_name = $::os_service_default,
$project_id = undef, $project_id = $::os_service_default,
$project_domain_name = undef, $project_domain_name = $::os_service_default,
$project_domain_id = undef, $project_domain_id = $::os_service_default,
$domain_name = undef, $domain_name = $::os_service_default,
$domain_id = undef, $domain_id = $::os_service_default,
$default_domain_name = undef, $default_domain_name = $::os_service_default,
$default_domain_id = undef, $default_domain_id = $::os_service_default,
$trust_id = undef, $trust_id = $::os_service_default,
$cacert = undef, $cacert = $::os_service_default,
$cert = undef, $cert = $::os_service_default,
$key = undef, $key = $::os_service_default,
$insecure = false, $insecure = false,
) { ) {
include ::keystone::deps include ::keystone::deps
if !$project_name and !$project_id and !$domain_name and !$domain_id { if is_service_default($project_name) and is_service_default($project_id) and
is_service_default($domain_name) and is_service_default($domain_id) {
fail('Must specify either a project (project_name or project_id, for a project scoped token) or a domain (domain_name or domain_id, for a domain scoped token)') fail('Must specify either a project (project_name or project_id, for a project scoped token) or a domain (domain_name or domain_id, for a domain scoped token)')
} }
if ($project_name or $project_id) and ($domain_name or $domain_id) { if ( !is_service_default($project_name) or !is_service_default($project_id) ) and
( !is_service_default($domain_name) or !is_service_default($domain_id) ) {
fail('Cannot specify both a project (project_name or project_id) and a domain (domain_name or domain_id)') fail('Cannot specify both a project (project_name or project_id) and a domain (domain_name or domain_id)')
} }
$user_and_domain_array = split($username, '::') $user_and_domain_array = split($username, '::')
$real_username = $user_and_domain_array[0] $real_username = $user_and_domain_array[0]
$real_user_domain_name = pick($user_domain_name, $user_and_domain_array[1], $default_domain_name, '__nodomain__')
if !is_service_default($user_domain_name) {
$real_user_domain_name = pick($user_domain_name,$user_and_domain_array[1])
} elsif !is_service_default($default_domain_name) {
$real_user_domain_name = pick($user_and_domain_array[1], $default_domain_name)
} else {
$real_user_domain_name = pick($user_domain_name, $user_and_domain_array[1], $default_domain_name)
}
$project_and_domain_array = split($project_name, '::') $project_and_domain_array = split($project_name, '::')
$real_project_name = $project_and_domain_array[0] $real_project_name = $project_and_domain_array[0]
$real_project_domain_name = pick($project_domain_name, $project_and_domain_array[1], $default_domain_name, '__nodomain__')
create_resources($name, {'keystone_authtoken/auth_plugin' => {'value' => $auth_plugin}}) if !is_service_default($project_domain_name) {
create_resources($name, {'keystone_authtoken/auth_url' => {'value' => $auth_url}}) $real_project_domain_name = pick($project_domain_name, $project_and_domain_array[1])
create_resources($name, {'keystone_authtoken/username' => {'value' => $real_username}}) } elsif !is_service_default($default_domain_name) {
create_resources($name, {'keystone_authtoken/password' => {'value' => $password, 'secret' => true}}) $real_project_domain_name = pick($project_and_domain_array[1], $default_domain_name)
if $user_id {
create_resources($name, {'keystone_authtoken/user_id' => {'value' => $user_id}})
} else { } else {
create_resources($name, {'keystone_authtoken/user_id' => {'ensure' => 'absent'}}) $real_project_domain_name = pick($project_domain_name, $project_and_domain_array[1], $default_domain_name)
} }
if $real_user_domain_name == '__nodomain__' {
create_resources($name, {'keystone_authtoken/user_domain_name' => {'ensure' => 'absent'}}) $real_user_domain_id = pick($user_domain_id,$default_domain_id)
} else { $real_project_domain_id = pick($project_domain_id, $default_domain_id)
create_resources($name, {'keystone_authtoken/user_domain_name' => {'value' => $real_user_domain_name}})
$authtoken_options = {
'keystone_authtoken/auth_plugin' => {'value' => $auth_plugin },
'keystone_authtoken/auth_url' => {'value' => $auth_url },
'keystone_authtoken/username' => {'value' => $real_username },
'keystone_authtoken/password' => {'value' => $password, 'secret' => true },
'keystone_authtoken/user_id' => {'value' => $user_id },
'keystone_authtoken/user_domain_name' => {'value' => $real_user_domain_name },
'keystone_authtoken/project_name' => {'value' => $real_project_name },
'keystone_authtoken/project_id' => {'value' => $project_id },
'keystone_authtoken/domain_name' => {'value' => $domain_name },
'keystone_authtoken/project_domain_name' => {'value' => $real_project_domain_name },
'keystone_authtoken/domain_id' => {'value' => $domain_id },
'keystone_authtoken/trust_id' => {'value' => $trust_id },
'keystone_authtoken/cacert' => {'value' => $cacert },
'keystone_authtoken/cert' => {'value' => $cert },
'keystone_authtoken/key' => {'value' => $key },
'keystone_authtoken/insecure' => {'value' => $insecure },
'keystone_authtoken/user_domain_id' => {'value' => $real_user_domain_id },
'keystone_authtoken/project_domain_id' => {'value' => $real_project_domain_id },
} }
if $user_domain_id {
create_resources($name, {'keystone_authtoken/user_domain_id' => {'value' => $user_domain_id}}) create_resources($name, $authtoken_options)
} elsif $default_domain_id {
create_resources($name, {'keystone_authtoken/user_domain_id' => {'value' => $default_domain_id}})
} else {
create_resources($name, {'keystone_authtoken/user_domain_id' => {'ensure' => 'absent'}})
}
if $project_name {
create_resources($name, {'keystone_authtoken/project_name' => {'value' => $real_project_name}})
} else {
create_resources($name, {'keystone_authtoken/project_name' => {'ensure' => 'absent'}})
}
if $project_id {
create_resources($name, {'keystone_authtoken/project_id' => {'value' => $project_id}})
} else {
create_resources($name, {'keystone_authtoken/project_id' => {'ensure' => 'absent'}})
}
if $real_project_domain_name == '__nodomain__' {
create_resources($name, {'keystone_authtoken/project_domain_name' => {'ensure' => 'absent'}})
} else {
create_resources($name, {'keystone_authtoken/project_domain_name' => {'value' => $real_project_domain_name}})
}
if $project_domain_id {
create_resources($name, {'keystone_authtoken/project_domain_id' => {'value' => $project_domain_id}})
} elsif $default_domain_id {
create_resources($name, {'keystone_authtoken/project_domain_id' => {'value' => $default_domain_id}})
} else {
create_resources($name, {'keystone_authtoken/project_domain_id' => {'ensure' => 'absent'}})
}
if $domain_name {
create_resources($name, {'keystone_authtoken/domain_name' => {'value' => $domain_name}})
} else {
create_resources($name, {'keystone_authtoken/domain_name' => {'ensure' => 'absent'}})
}
if $domain_id {
create_resources($name, {'keystone_authtoken/domain_id' => {'value' => $domain_id}})
} else {
create_resources($name, {'keystone_authtoken/domain_id' => {'ensure' => 'absent'}})
}
if $trust_id {
create_resources($name, {'keystone_authtoken/trust_id' => {'value' => $trust_id}})
} else {
create_resources($name, {'keystone_authtoken/trust_id' => {'ensure' => 'absent'}})
}
if $cacert {
create_resources($name, {'keystone_authtoken/cacert' => {'value' => $cacert}})
} else {
create_resources($name, {'keystone_authtoken/cacert' => {'ensure' => 'absent'}})
}
if $cert {
create_resources($name, {'keystone_authtoken/cert' => {'value' => $cert}})
} else {
create_resources($name, {'keystone_authtoken/cert' => {'ensure' => 'absent'}})
}
if $key {
create_resources($name, {'keystone_authtoken/key' => {'value' => $key}})
} else {
create_resources($name, {'keystone_authtoken/key' => {'ensure' => 'absent'}})
}
create_resources($name, {'keystone_authtoken/insecure' => {'value' => $insecure}})
} }

4
releasenotes/notes/authtoken-os_service_default-eb8809222b21e05a.yaml Normal file
View File

@ -0,0 +1,4 @@
---
upgrade:
- update undef parameters in authtoken.pp to use
$::os_service_default

42
spec/defines/keystone_resource_authtoken_spec.rb
View File

@ -23,7 +23,7 @@ describe 'keystone::resource::authtoken' do
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/user_id').with( it { is_expected.to contain_keystone_config('keystone_authtoken/user_id').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/password').with( it { is_expected.to contain_keystone_config('keystone_authtoken/password').with(
@ -44,47 +44,47 @@ describe 'keystone::resource::authtoken' do
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/project_id').with( it { is_expected.to contain_keystone_config('keystone_authtoken/project_id').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/user_domain_name').with( it { is_expected.to contain_keystone_config('keystone_authtoken/user_domain_name').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/project_domain_name').with( it { is_expected.to contain_keystone_config('keystone_authtoken/project_domain_name').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/user_domain_id').with( it { is_expected.to contain_keystone_config('keystone_authtoken/user_domain_id').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/project_domain_id').with( it { is_expected.to contain_keystone_config('keystone_authtoken/project_domain_id').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/domain_name').with( it { is_expected.to contain_keystone_config('keystone_authtoken/domain_name').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/domain_id').with( it { is_expected.to contain_keystone_config('keystone_authtoken/domain_id').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/trust_id').with( it { is_expected.to contain_keystone_config('keystone_authtoken/trust_id').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/cacert').with( it { is_expected.to contain_keystone_config('keystone_authtoken/cacert').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/cert').with( it { is_expected.to contain_keystone_config('keystone_authtoken/cert').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/key').with( it { is_expected.to contain_keystone_config('keystone_authtoken/key').with(
:ensure => 'absent', :value => '<SERVICE DEFAULT>',
)} )}
it { is_expected.to contain_keystone_config('keystone_authtoken/insecure').with( it { is_expected.to contain_keystone_config('keystone_authtoken/insecure').with(
@ -180,19 +180,15 @@ describe 'keystone::resource::authtoken' do
end end
context 'on a Debian osfamily' do on_supported_os({
let :facts do :supported_oos => OSDefaults.get_supported_os
@default_facts.merge({ :osfamily => "Debian" }) }).each do |os,facts|
end context "on #{os}" do
let (:facts) do
include_examples 'shared examples' facts.merge!(OSDefaults.get_facts())
end
context 'on a RedHat osfamily' do
let :facts do
@default_facts.merge({ :osfamily => 'RedHat' })
end end
include_examples 'shared examples' include_examples 'shared examples'
end end
end end
end