replace validate_legacy with proper data types
The validate_legacy function is marked for deprecation in puppetlabs-stdlib v9.0.0. This change also adds validation of the parameters used for file resources, ensuring that the given values are absolute paths. Depends-on: https://review.opendev.org/885996 Change-Id: Ic49abcccffab5a3504e3a3060c0fac7a01bef69b
		@@ -71,13 +71,11 @@ class keystone::bootstrap (
 | 
			
		||||
  $internal_url         = undef,
 | 
			
		||||
  $region               = 'RegionOne',
 | 
			
		||||
  $interface            = 'public',
 | 
			
		||||
  $bootstrap            = true,
 | 
			
		||||
  Boolean $bootstrap    = true,
 | 
			
		||||
) inherits keystone::params {
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $bootstrap)
 | 
			
		||||
 | 
			
		||||
  $internal_url_real = $internal_url ? {
 | 
			
		||||
    undef   => $public_url,
 | 
			
		||||
    default => $internal_url
 | 
			
		||||
 
 | 
			
		||||
@@ -21,12 +21,10 @@
 | 
			
		||||
#   or Puppet catalog compilation will fail with duplicate resources.
 | 
			
		||||
#
 | 
			
		||||
class keystone::config (
 | 
			
		||||
  $keystone_config = {},
 | 
			
		||||
  Hash $keystone_config = {},
 | 
			
		||||
) {
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Hash, 'validate_hash', $keystone_config)
 | 
			
		||||
 | 
			
		||||
  create_resources('keystone_config', $keystone_config)
 | 
			
		||||
}
 | 
			
		||||
 
 | 
			
		||||
@@ -34,7 +34,7 @@
 | 
			
		||||
#   Defaults to 'utf8_general_ci'
 | 
			
		||||
#
 | 
			
		||||
class keystone::db::mysql(
 | 
			
		||||
  $password,
 | 
			
		||||
  String[1] $password,
 | 
			
		||||
  $dbname        = 'keystone',
 | 
			
		||||
  $user          = 'keystone',
 | 
			
		||||
  $host          = '127.0.0.1',
 | 
			
		||||
@@ -45,8 +45,6 @@ class keystone::db::mysql(
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
 | 
			
		||||
  validate_legacy(String, 'validate_string', $password)
 | 
			
		||||
 | 
			
		||||
  ::openstacklib::db::mysql { 'keystone':
 | 
			
		||||
    user          => $user,
 | 
			
		||||
    password      => $password,
 | 
			
		||||
 
 | 
			
		||||
@@ -81,7 +81,7 @@
 | 
			
		||||
class keystone::federation::identity_provider(
 | 
			
		||||
  $idp_entity_id,
 | 
			
		||||
  $idp_sso_endpoint,
 | 
			
		||||
  $idp_metadata_path,
 | 
			
		||||
  Stdlib::Absolutepath $idp_metadata_path,
 | 
			
		||||
  $certfile                      = $::keystone::ssl_ca_certs,
 | 
			
		||||
  $keyfile                       = $::keystone::ssl_ca_key,
 | 
			
		||||
  $user                          = $::keystone::params::user,
 | 
			
		||||
 
 | 
			
		||||
@@ -35,8 +35,8 @@ class keystone::federation::mellon (
 | 
			
		||||
  $methods,
 | 
			
		||||
  $idp_name,
 | 
			
		||||
  $protocol_name,
 | 
			
		||||
  $template_order = 331,
 | 
			
		||||
  $enable_websso  = false,
 | 
			
		||||
  $template_order        = 331,
 | 
			
		||||
  Boolean $enable_websso = false,
 | 
			
		||||
) {
 | 
			
		||||
 | 
			
		||||
  include apache
 | 
			
		||||
@@ -58,8 +58,6 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
 | 
			
		||||
    fail('Methods should contain saml2 as one of the auth methods.')
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $enable_websso)
 | 
			
		||||
 | 
			
		||||
  keystone_config {
 | 
			
		||||
    'auth/methods': value  => join(any2array($methods),',');
 | 
			
		||||
    'auth/saml2':   ensure => absent;
 | 
			
		||||
 
 | 
			
		||||
@@ -144,7 +144,7 @@ class keystone::federation::openidc (
 | 
			
		||||
  $openidc_cache_dir              = undef,
 | 
			
		||||
  $openidc_cache_clean_interval   = undef,
 | 
			
		||||
  $openidc_claim_delimiter        = undef,
 | 
			
		||||
  $openidc_enable_oauth           = false,
 | 
			
		||||
  Boolean $openidc_enable_oauth   = false,
 | 
			
		||||
  $openidc_introspection_endpoint = undef,
 | 
			
		||||
  $openidc_verify_jwks_uri        = undef,
 | 
			
		||||
  $openidc_verify_method          = 'introspection',
 | 
			
		||||
@@ -163,8 +163,6 @@ class keystone::federation::openidc (
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
  include keystone::params
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $openidc_enable_oauth)
 | 
			
		||||
 | 
			
		||||
  if !($openidc_verify_method in ['introspection', 'jwks']) {
 | 
			
		||||
    fail('Unsupported token verification method.' +
 | 
			
		||||
        '  Must be one of "introspection" or "jwks"')
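Review bot: The `fail()` call kept as context at the end of the second hunk builds its message with `+`, which in the Puppet language is arithmetic and does not concatenate strings, so an unsupported `$openidc_verify_method` would abort with a numeric-conversion error rather than the intended text. This is not introduced by the change, but while the validation code in this class is being touched a single literal would fix it: `fail('Unsupported token verification method. Must be one of "introspection" or "jwks"')`. The enclosing `if` block is cut off by the hunk.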
 | 
			
		||||
 
 | 
			
		||||
@@ -45,9 +45,9 @@
 | 
			
		||||
#
 | 
			
		||||
class keystone::federation::shibboleth (
 | 
			
		||||
  $methods,
 | 
			
		||||
  $suppress_warning = false,
 | 
			
		||||
  $template_order   = 331,
 | 
			
		||||
  $yum_repo_name    = 'shibboleth',
 | 
			
		||||
  Boolean $suppress_warning = false,
 | 
			
		||||
  $template_order           = 331,
 | 
			
		||||
  $yum_repo_name            = 'shibboleth',
 | 
			
		||||
) {
 | 
			
		||||
 | 
			
		||||
  include apache
 | 
			
		||||
@@ -67,8 +67,6 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
 | 
			
		||||
    fail('Methods should contain saml2 as one of the auth methods.')
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $suppress_warning)
 | 
			
		||||
 | 
			
		||||
  keystone_config {
 | 
			
		||||
    'auth/methods': value  => join(any2array($methods),',');
 | 
			
		||||
    'auth/saml2':   ensure => absent;
 | 
			
		||||
 
 | 
			
		||||
@@ -333,77 +333,69 @@
 | 
			
		||||
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
 | 
			
		||||
#
 | 
			
		||||
class keystone(
 | 
			
		||||
  $package_ensure                       = 'present',
 | 
			
		||||
  $catalog_driver                       = $facts['os_service_default'],
 | 
			
		||||
  $catalog_template_file                = '/etc/keystone/default_catalog.templates',
 | 
			
		||||
  $token_provider                       = 'fernet',
 | 
			
		||||
  $token_expiration                     = 3600,
 | 
			
		||||
  $password_hash_algorithm              = $facts['os_service_default'],
 | 
			
		||||
  $password_hash_rounds                 = $facts['os_service_default'],
 | 
			
		||||
  $revoke_driver                        = $facts['os_service_default'],
 | 
			
		||||
  $revoke_by_id                         = true,
 | 
			
		||||
  $public_endpoint                      = $facts['os_service_default'],
 | 
			
		||||
  $manage_service                       = true,
 | 
			
		||||
  $enabled                              = true,
 | 
			
		||||
  $rabbit_heartbeat_timeout_threshold   = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_heartbeat_rate                = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_heartbeat_in_pthread          = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_use_ssl                       = $facts['os_service_default'],
 | 
			
		||||
  $default_transport_url                = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_ha_queues                     = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_ca_certs                   = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_certfile                   = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_keyfile                    = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_version                    = $facts['os_service_default'],
 | 
			
		||||
  $kombu_reconnect_delay                = $facts['os_service_default'],
 | 
			
		||||
  $kombu_failover_strategy              = $facts['os_service_default'],
 | 
			
		||||
  $kombu_compression                    = $facts['os_service_default'],
 | 
			
		||||
  $notification_transport_url           = $facts['os_service_default'],
 | 
			
		||||
  $notification_driver                  = $facts['os_service_default'],
 | 
			
		||||
  $notification_topics                  = $facts['os_service_default'],
 | 
			
		||||
  $notification_format                  = $facts['os_service_default'],
 | 
			
		||||
  $notification_opt_out                 = $facts['os_service_default'],
 | 
			
		||||
  $control_exchange                     = $facts['os_service_default'],
 | 
			
		||||
  $executor_thread_pool_size            = $facts['os_service_default'],
 | 
			
		||||
  $rpc_response_timeout                 = $facts['os_service_default'],
 | 
			
		||||
  $service_name                         = $::keystone::params::service_name,
 | 
			
		||||
  $max_token_size                       = $facts['os_service_default'],
 | 
			
		||||
  $sync_db                              = true,
 | 
			
		||||
  $enable_fernet_setup                  = true,
 | 
			
		||||
  $fernet_key_repository                = '/etc/keystone/fernet-keys',
 | 
			
		||||
  $fernet_max_active_keys               = $facts['os_service_default'],
 | 
			
		||||
  $fernet_keys                          = false,
 | 
			
		||||
  $fernet_replace_keys                  = true,
 | 
			
		||||
  $enable_credential_setup              = true,
 | 
			
		||||
  $credential_key_repository            = '/etc/keystone/credential-keys',
 | 
			
		||||
  $credential_keys                      = false,
 | 
			
		||||
  $default_domain                       = undef,
 | 
			
		||||
  $policy_driver                        = $facts['os_service_default'],
 | 
			
		||||
  $using_domain_config                  = false,
 | 
			
		||||
  $domain_config_directory              = '/etc/keystone/domains',
 | 
			
		||||
  $keystone_user                        = $::keystone::params::user,
 | 
			
		||||
  $keystone_group                       = $::keystone::params::group,
 | 
			
		||||
  $manage_policyrcd                     = false,
 | 
			
		||||
  $enable_proxy_headers_parsing         = $facts['os_service_default'],
 | 
			
		||||
  $max_request_body_size                = $facts['os_service_default'],
 | 
			
		||||
  $purge_config                         = false,
 | 
			
		||||
  $amqp_durable_queues                  = $facts['os_service_default'],
 | 
			
		||||
  $package_ensure                                 = 'present',
 | 
			
		||||
  $catalog_driver                                 = $facts['os_service_default'],
 | 
			
		||||
  $catalog_template_file                          = '/etc/keystone/default_catalog.templates',
 | 
			
		||||
  $token_provider                                 = 'fernet',
 | 
			
		||||
  $token_expiration                               = 3600,
 | 
			
		||||
  $password_hash_algorithm                        = $facts['os_service_default'],
 | 
			
		||||
  $password_hash_rounds                           = $facts['os_service_default'],
 | 
			
		||||
  $revoke_driver                                  = $facts['os_service_default'],
 | 
			
		||||
  $revoke_by_id                                   = true,
 | 
			
		||||
  $public_endpoint                                = $facts['os_service_default'],
 | 
			
		||||
  Boolean $manage_service                         = true,
 | 
			
		||||
  Boolean $enabled                                = true,
 | 
			
		||||
  $rabbit_heartbeat_timeout_threshold             = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_heartbeat_rate                          = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_heartbeat_in_pthread                    = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_use_ssl                                 = $facts['os_service_default'],
 | 
			
		||||
  $default_transport_url                          = $facts['os_service_default'],
 | 
			
		||||
  $rabbit_ha_queues                               = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_ca_certs                             = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_certfile                             = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_keyfile                              = $facts['os_service_default'],
 | 
			
		||||
  $kombu_ssl_version                              = $facts['os_service_default'],
 | 
			
		||||
  $kombu_reconnect_delay                          = $facts['os_service_default'],
 | 
			
		||||
  $kombu_failover_strategy                        = $facts['os_service_default'],
 | 
			
		||||
  $kombu_compression                              = $facts['os_service_default'],
 | 
			
		||||
  $notification_transport_url                     = $facts['os_service_default'],
 | 
			
		||||
  $notification_driver                            = $facts['os_service_default'],
 | 
			
		||||
  $notification_topics                            = $facts['os_service_default'],
 | 
			
		||||
  $notification_format                            = $facts['os_service_default'],
 | 
			
		||||
  $notification_opt_out                           = $facts['os_service_default'],
 | 
			
		||||
  $control_exchange                               = $facts['os_service_default'],
 | 
			
		||||
  $executor_thread_pool_size                      = $facts['os_service_default'],
 | 
			
		||||
  $rpc_response_timeout                           = $facts['os_service_default'],
 | 
			
		||||
  $service_name                                   = $::keystone::params::service_name,
 | 
			
		||||
  $max_token_size                                 = $facts['os_service_default'],
 | 
			
		||||
  Boolean $sync_db                                = true,
 | 
			
		||||
  Boolean $enable_fernet_setup                    = true,
 | 
			
		||||
  Stdlib::Absolutepath $fernet_key_repository     = '/etc/keystone/fernet-keys',
 | 
			
		||||
  $fernet_max_active_keys                         = $facts['os_service_default'],
 | 
			
		||||
  Optional[Hash] $fernet_keys                     = undef,
 | 
			
		||||
  $fernet_replace_keys                            = true,
 | 
			
		||||
  Boolean $enable_credential_setup                = true,
 | 
			
		||||
  Stdlib::Absolutepath $credential_key_repository = '/etc/keystone/credential-keys',
 | 
			
		||||
  Optional[Hash] $credential_keys                 = undef,
 | 
			
		||||
  $default_domain                                 = undef,
 | 
			
		||||
  $policy_driver                                  = $facts['os_service_default'],
 | 
			
		||||
  Boolean $using_domain_config                    = false,
 | 
			
		||||
  Stdlib::Absolutepath $domain_config_directory   = '/etc/keystone/domains',
 | 
			
		||||
  $keystone_user                                  = $::keystone::params::user,
 | 
			
		||||
  $keystone_group                                 = $::keystone::params::group,
 | 
			
		||||
  Boolean $manage_policyrcd                       = false,
 | 
			
		||||
  $enable_proxy_headers_parsing                   = $facts['os_service_default'],
 | 
			
		||||
  $max_request_body_size                          = $facts['os_service_default'],
 | 
			
		||||
  $purge_config                                   = false,
 | 
			
		||||
  $amqp_durable_queues                            = $facts['os_service_default'],
 | 
			
		||||
  # DEPRECATED PARAMETERS
 | 
			
		||||
  $client_package_ensure                = undef,
 | 
			
		||||
  $client_package_ensure                          = undef,
 | 
			
		||||
) inherits keystone::params {
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
  include keystone::logging
 | 
			
		||||
  include keystone::policy
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $manage_service)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $enabled)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $sync_db)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $enable_fernet_setup)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $enable_credential_setup)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $using_domain_config)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $manage_policyrcd)
 | 
			
		||||
 | 
			
		||||
  if $client_package_ensure != undef {
 | 
			
		||||
    warning('The client_package_ensure parameter is deprecated and has no effect.')
 | 
			
		||||
  }
 | 
			
		||||
@@ -558,7 +550,6 @@ class keystone(
 | 
			
		||||
 | 
			
		||||
  # Fernet tokens support
 | 
			
		||||
  if $enable_fernet_setup {
 | 
			
		||||
    validate_legacy(String, 'validate_string', $fernet_key_repository)
 | 
			
		||||
    ensure_resource('file', $fernet_key_repository, {
 | 
			
		||||
      ensure    => 'directory',
 | 
			
		||||
      owner     => $keystone_user,
 | 
			
		||||
@@ -568,7 +559,6 @@ class keystone(
 | 
			
		||||
    })
 | 
			
		||||
 | 
			
		||||
    if $fernet_keys {
 | 
			
		||||
      validate_legacy(Hash, 'validate_hash', $fernet_keys)
 | 
			
		||||
      create_resources('file', $fernet_keys, {
 | 
			
		||||
          'owner'     => $keystone_user,
 | 
			
		||||
          'group'     => $keystone_group,
 | 
			
		||||
@@ -596,7 +586,6 @@ class keystone(
 | 
			
		||||
 | 
			
		||||
  # Credential support
 | 
			
		||||
  if $enable_credential_setup {
 | 
			
		||||
    validate_legacy(String, 'validate_string', $credential_key_repository)
 | 
			
		||||
    ensure_resource('file', $credential_key_repository, {
 | 
			
		||||
      ensure    => 'directory',
 | 
			
		||||
      owner     => $keystone_user,
 | 
			
		||||
@@ -606,7 +595,6 @@ class keystone(
 | 
			
		||||
    })
 | 
			
		||||
 | 
			
		||||
    if $credential_keys {
 | 
			
		||||
      validate_legacy(Hash, 'validate_hash', $credential_keys)
 | 
			
		||||
      create_resources('file', $credential_keys, {
 | 
			
		||||
          'owner'     => $keystone_user,
 | 
			
		||||
          'group'     => $keystone_group,
 | 
			
		||||
@@ -681,8 +669,6 @@ class keystone(
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  if $using_domain_config {
 | 
			
		||||
    validate_legacy(Stdlib::Absolutepath, 'validate_absolute_path', $domain_config_directory)
 | 
			
		||||
 | 
			
		||||
    file { $domain_config_directory:
 | 
			
		||||
      ensure  => directory,
 | 
			
		||||
      owner   => $keystone_user,
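Review bot: `$fernet_keys` and `$credential_keys` move from a `false` default to `Optional[Hash]` with `undef`, so any manifest or Hiera data that still sets either one to `false` explicitly will now fail catalog compilation, where the old `if $fernet_keys { ... }` guard simply skipped key file creation. If the break is intended it deserves a release note; otherwise the old value can be accepted for a deprecation cycle, e.g. `Optional[Variant[Hash, Boolean]] $fernet_keys = undef,` and the same for `$credential_keys`. In the same signature `$fernet_replace_keys`, `$revoke_by_id` and `$purge_config` keep boolean defaults but stay untyped, unlike their neighbours. The class body continues outside these hunks.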
 | 
			
		||||
 
 | 
			
		||||
@@ -283,7 +283,8 @@ class keystone::ldap(
 | 
			
		||||
  $group_additional_attribute_mapping   = $facts['os_service_default'],
 | 
			
		||||
  $chase_referrals                      = $facts['os_service_default'],
 | 
			
		||||
  $use_tls                              = $facts['os_service_default'],
 | 
			
		||||
  $tls_cacertdir                        = $facts['os_service_default'],
 | 
			
		||||
  Variant[Openstacklib::ServiceDefault, Stdlib::Absolutepath] $tls_cacertdir
 | 
			
		||||
    = $facts['os_service_default'],
 | 
			
		||||
  $tls_cacertfile                       = $facts['os_service_default'],
 | 
			
		||||
  $tls_req_cert                         = $facts['os_service_default'],
 | 
			
		||||
  $identity_driver                      = $facts['os_service_default'],
 | 
			
		||||
@@ -299,13 +300,11 @@ class keystone::ldap(
 | 
			
		||||
  $auth_pool_size                       = $facts['os_service_default'],
 | 
			
		||||
  $auth_pool_connection_lifetime        = $facts['os_service_default'],
 | 
			
		||||
  $package_ensure                       = present,
 | 
			
		||||
  $manage_packages                      = true,
 | 
			
		||||
  Boolean $manage_packages              = true,
 | 
			
		||||
) inherits keystone::params {
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $manage_packages)
 | 
			
		||||
 | 
			
		||||
  if $manage_packages {
 | 
			
		||||
    ensure_resource('package',  'python-ldappool', {
 | 
			
		||||
      ensure => $package_ensure,
 | 
			
		||||
 
 | 
			
		||||
@@ -295,16 +295,13 @@ define keystone::ldap_backend(
 | 
			
		||||
  $auth_pool_size                       = $facts['os_service_default'],
 | 
			
		||||
  $auth_pool_connection_lifetime        = $facts['os_service_default'],
 | 
			
		||||
  $package_ensure                       = present,
 | 
			
		||||
  $manage_packages                      = true,
 | 
			
		||||
  $create_domain_entry                  = false,
 | 
			
		||||
  Boolean $manage_packages              = true,
 | 
			
		||||
  Boolean $create_domain_entry          = false,
 | 
			
		||||
) {
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
  include keystone::params
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $manage_packages)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $create_domain_entry)
 | 
			
		||||
 | 
			
		||||
  if !defined(Class[keystone]) {
 | 
			
		||||
    fail('The keystone class should be included before this class')
 | 
			
		||||
  }
 | 
			
		||||
 
 | 
			
		||||
@@ -48,7 +48,7 @@
 | 
			
		||||
class keystone::policy (
 | 
			
		||||
  $enforce_scope        = $facts['os_service_default'],
 | 
			
		||||
  $enforce_new_defaults = $facts['os_service_default'],
 | 
			
		||||
  $policies             = {},
 | 
			
		||||
  Hash $policies        = {},
 | 
			
		||||
  $policy_path          = '/etc/keystone/policy.yaml',
 | 
			
		||||
  $policy_default_rule  = $facts['os_service_default'],
 | 
			
		||||
  $policy_dirs          = $facts['os_service_default'],
 | 
			
		||||
@@ -58,8 +58,6 @@ class keystone::policy (
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
  include keystone::params
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Hash, 'validate_hash', $policies)
 | 
			
		||||
 | 
			
		||||
  $policy_parameters = {
 | 
			
		||||
    policies     => $policies,
 | 
			
		||||
    policy_path  => $policy_path,
 | 
			
		||||
 
 | 
			
		||||
@@ -231,56 +231,46 @@ define keystone::resource::authtoken(
 | 
			
		||||
  $username,
 | 
			
		||||
  $password,
 | 
			
		||||
  $auth_url,
 | 
			
		||||
  $project_name                   = $facts['os_service_default'],
 | 
			
		||||
  $user_domain_name               = $facts['os_service_default'],
 | 
			
		||||
  $project_domain_name            = $facts['os_service_default'],
 | 
			
		||||
  $system_scope                   = $facts['os_service_default'],
 | 
			
		||||
  $insecure                       = $facts['os_service_default'],
 | 
			
		||||
  $auth_section                   = $facts['os_service_default'],
 | 
			
		||||
  $auth_type                      = $facts['os_service_default'],
 | 
			
		||||
  $www_authenticate_uri           = $facts['os_service_default'],
 | 
			
		||||
  $auth_version                   = $facts['os_service_default'],
 | 
			
		||||
  $cache                          = $facts['os_service_default'],
 | 
			
		||||
  $cafile                         = $facts['os_service_default'],
 | 
			
		||||
  $certfile                       = $facts['os_service_default'],
 | 
			
		||||
  $collect_timing                 = $facts['os_service_default'],
 | 
			
		||||
  $delay_auth_decision            = $facts['os_service_default'],
 | 
			
		||||
  $enforce_token_bind             = $facts['os_service_default'],
 | 
			
		||||
  $http_connect_timeout           = $facts['os_service_default'],
 | 
			
		||||
  $http_request_max_retries       = $facts['os_service_default'],
 | 
			
		||||
  $include_service_catalog        = $facts['os_service_default'],
 | 
			
		||||
  $keyfile                        = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_conn_get_timeout = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_dead_retry       = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_maxsize          = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_socket_timeout   = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_unused_timeout   = $facts['os_service_default'],
 | 
			
		||||
  $memcache_secret_key            = $facts['os_service_default'],
 | 
			
		||||
  $memcache_security_strategy     = $facts['os_service_default'],
 | 
			
		||||
  $memcache_use_advanced_pool     = $facts['os_service_default'],
 | 
			
		||||
  $memcached_servers              = $facts['os_service_default'],
 | 
			
		||||
  $region_name                    = $facts['os_service_default'],
 | 
			
		||||
  $token_cache_time               = $facts['os_service_default'],
 | 
			
		||||
  $manage_memcache_package        = false,
 | 
			
		||||
  $service_token_roles            = $facts['os_service_default'],
 | 
			
		||||
  $service_token_roles_required   = $facts['os_service_default'],
 | 
			
		||||
  $service_type                   = $facts['os_service_default'],
 | 
			
		||||
  $interface                      = $facts['os_service_default'],
 | 
			
		||||
  $project_name                    = $facts['os_service_default'],
 | 
			
		||||
  $user_domain_name                = $facts['os_service_default'],
 | 
			
		||||
  $project_domain_name             = $facts['os_service_default'],
 | 
			
		||||
  $system_scope                    = $facts['os_service_default'],
 | 
			
		||||
  $insecure                        = $facts['os_service_default'],
 | 
			
		||||
  $auth_section                    = $facts['os_service_default'],
 | 
			
		||||
  $auth_type                       = $facts['os_service_default'],
 | 
			
		||||
  $www_authenticate_uri            = $facts['os_service_default'],
 | 
			
		||||
  $auth_version                    = $facts['os_service_default'],
 | 
			
		||||
  $cache                           = $facts['os_service_default'],
 | 
			
		||||
  $cafile                          = $facts['os_service_default'],
 | 
			
		||||
  $certfile                        = $facts['os_service_default'],
 | 
			
		||||
  $collect_timing                  = $facts['os_service_default'],
 | 
			
		||||
  $delay_auth_decision             = $facts['os_service_default'],
 | 
			
		||||
  $enforce_token_bind              = $facts['os_service_default'],
 | 
			
		||||
  $http_connect_timeout            = $facts['os_service_default'],
 | 
			
		||||
  $http_request_max_retries        = $facts['os_service_default'],
 | 
			
		||||
  $include_service_catalog         = $facts['os_service_default'],
 | 
			
		||||
  $keyfile                         = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_conn_get_timeout  = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_dead_retry        = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_maxsize           = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_socket_timeout    = $facts['os_service_default'],
 | 
			
		||||
  $memcache_pool_unused_timeout    = $facts['os_service_default'],
 | 
			
		||||
  $memcache_secret_key             = $facts['os_service_default'],
 | 
			
		||||
  $memcache_security_strategy      = $facts['os_service_default'],
 | 
			
		||||
  $memcache_use_advanced_pool      = $facts['os_service_default'],
 | 
			
		||||
  $memcached_servers               = $facts['os_service_default'],
 | 
			
		||||
  $region_name                     = $facts['os_service_default'],
 | 
			
		||||
  $token_cache_time                = $facts['os_service_default'],
 | 
			
		||||
  Boolean $manage_memcache_package = false,
 | 
			
		||||
  $service_token_roles             = $facts['os_service_default'],
 | 
			
		||||
  $service_token_roles_required    = $facts['os_service_default'],
 | 
			
		||||
  $service_type                    = $facts['os_service_default'],
 | 
			
		||||
  $interface                       = $facts['os_service_default'],
 | 
			
		||||
) {
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
  include keystone::params
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $manage_memcache_package)
 | 
			
		||||
 | 
			
		||||
  if !is_service_default($include_service_catalog) {
 | 
			
		||||
    validate_legacy(Boolean, 'validate_bool', $include_service_catalog)
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  if !is_service_default($memcache_use_advanced_pool) {
 | 
			
		||||
    validate_legacy(Boolean, 'validate_bool', $memcache_use_advanced_pool)
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  if !is_service_default($memcache_security_strategy) {
 | 
			
		||||
    if !(downcase($memcache_security_strategy) in ['none', 'mac', 'encrypt']){
 | 
			
		||||
      fail('memcache_security_strategy can be set only to None, MAC or ENCRYPT')
 | 
			
		||||
@@ -291,10 +281,6 @@ define keystone::resource::authtoken(
 | 
			
		||||
    }
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  if !is_service_default($delay_auth_decision) {
 | 
			
		||||
    validate_legacy(Boolean, 'validate_bool', $delay_auth_decision)
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  if !is_service_default($memcached_servers) and !empty($memcached_servers){
 | 
			
		||||
    $memcached_servers_array = $memcached_servers ? {
 | 
			
		||||
      String  => split($memcached_servers, ','),
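Review bot: The Boolean checks on `$include_service_catalog` and `$memcache_use_advanced_pool` (first hunk) and on `$delay_auth_decision` (second hunk) are removed, but the new signature leaves all three parameters untyped, so a non-boolean value is no longer rejected at catalog compilation. Only `$manage_memcache_package` gained a data type. Because these parameters default to the service-default marker, a variant type would preserve the old check, e.g. `Variant[Openstacklib::ServiceDefault, Boolean] $delay_auth_decision = $facts['os_service_default'],` and likewise for the other two. `delay_auth_decision` governs whether the auth middleware defers the authorization decision to the downstream service, so a mistyped value there is worth catching before it is presumably written to the service configuration. The define's body continues outside the hunks.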
 | 
			
		||||
 
 | 
			
		||||
@@ -112,40 +112,32 @@
 | 
			
		||||
#   Defaults to undef
 | 
			
		||||
#
 | 
			
		||||
define keystone::resource::service_identity(
 | 
			
		||||
  $ensure                = 'present',
 | 
			
		||||
  $admin_url             = false,
 | 
			
		||||
  $internal_url          = false,
 | 
			
		||||
  $password              = false,
 | 
			
		||||
  $public_url            = false,
 | 
			
		||||
  $service_type          = false,
 | 
			
		||||
  $auth_name             = $name,
 | 
			
		||||
  $configure_endpoint    = true,
 | 
			
		||||
  $configure_user        = true,
 | 
			
		||||
  $configure_user_role   = true,
 | 
			
		||||
  $configure_service     = true,
 | 
			
		||||
  $email                 = "${name}@localhost",
 | 
			
		||||
  $region                = 'RegionOne',
 | 
			
		||||
  $service_name          = undef,
 | 
			
		||||
  $service_description   = "${name} service",
 | 
			
		||||
  $tenant                = 'services',
 | 
			
		||||
  $roles                 = ['admin'],
 | 
			
		||||
  $system_scope          = 'all',
 | 
			
		||||
  $system_roles          = [],
 | 
			
		||||
  $user_domain           = undef,
 | 
			
		||||
  $project_domain        = undef,
 | 
			
		||||
  $default_domain        = undef,
 | 
			
		||||
  Enum['present', 'absent'] $ensure   = 'present',
 | 
			
		||||
  Optional[String] $admin_url         = undef,
 | 
			
		||||
  Optional[String] $internal_url      = undef,
 | 
			
		||||
  Optional[String] $password          = undef,
 | 
			
		||||
  Optional[String] $public_url        = undef,
 | 
			
		||||
  Optional[String] $service_type      = undef,
 | 
			
		||||
  String[1] $auth_name                = $name,
 | 
			
		||||
  Boolean $configure_endpoint         = true,
 | 
			
		||||
  Boolean $configure_user             = true,
 | 
			
		||||
  Boolean $configure_user_role        = true,
 | 
			
		||||
  Boolean $configure_service          = true,
 | 
			
		||||
  String $email                       = "${name}@localhost",
 | 
			
		||||
  String[1] $region                   = 'RegionOne',
 | 
			
		||||
  Optional[String[1]] $service_name   = undef,
 | 
			
		||||
  String $service_description         = "${name} service",
 | 
			
		||||
  String[1] $tenant                   = 'services',
 | 
			
		||||
  Array[String[1]] $roles             = ['admin'],
 | 
			
		||||
  String[1] $system_scope             = 'all',
 | 
			
		||||
  Array[String[1]] $system_roles      = [],
 | 
			
		||||
  Optional[String[1]] $user_domain    = undef,
 | 
			
		||||
  Optional[String[1]] $project_domain = undef,
 | 
			
		||||
  Optional[String[1]] $default_domain = undef,
 | 
			
		||||
) {
 | 
			
		||||
 | 
			
		||||
  include keystone::deps
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Enum['present', 'absent'], 'validate_re', $ensure,
 | 
			
		||||
    [['^present$', '^absent$'], 'Valid values for ensure parameter are present or absent'])
 | 
			
		||||
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $configure_endpoint)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $configure_user)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $configure_user_role)
 | 
			
		||||
  validate_legacy(Boolean, 'validate_bool', $configure_service)
 | 
			
		||||
 | 
			
		||||
  if $service_name == undef {
 | 
			
		||||
    $service_name_real = $auth_name
 | 
			
		||||
  } else {
 | 
			
		||||
@@ -159,12 +151,13 @@ define keystone::resource::service_identity(
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  if $configure_user {
 | 
			
		||||
    validate_legacy(String, 'validate_string', $password)
 | 
			
		||||
    validate_legacy(String, 'validate_string', $auth_name)
 | 
			
		||||
    validate_legacy(String, 'validate_string', $email)
 | 
			
		||||
    ['password', 'auth_name', 'email'].each |String $userprop| {
 | 
			
		||||
      if getvar($userprop) == undef {
 | 
			
		||||
        fail("The ${userprop} parameter is required when configuring a user.")
 | 
			
		||||
      }
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    if $user_domain_real {
 | 
			
		||||
      validate_legacy(String, 'validate_string', $user_domain_real)
 | 
			
		||||
      # We have to use ensure_resource here and hope for the best, because we have
 | 
			
		||||
      # no way to know if the $user_domain is the same domain passed as the
 | 
			
		||||
      # $default_domain parameter to class keystone.
 | 
			
		||||
@@ -173,23 +166,18 @@ define keystone::resource::service_identity(
 | 
			
		||||
        'enabled' => true,
 | 
			
		||||
      })
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    ensure_resource('keystone_user', $auth_name, {
 | 
			
		||||
      'ensure'                => $ensure,
 | 
			
		||||
      'enabled'               => true,
 | 
			
		||||
      'password'              => $password,
 | 
			
		||||
      'email'                 => $email,
 | 
			
		||||
      'domain'                => $user_domain_real,
 | 
			
		||||
      'ensure'   => $ensure,
 | 
			
		||||
      'enabled'  => true,
 | 
			
		||||
      'password' => $password,
 | 
			
		||||
      'email'    => $email,
 | 
			
		||||
      'domain'   => $user_domain_real,
 | 
			
		||||
    })
 | 
			
		||||
    if ! $password {
 | 
			
		||||
      warning("No password had been set for ${auth_name} user.")
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  if $configure_user_role {
 | 
			
		||||
    validate_legacy(String, 'validate_string', $tenant)
 | 
			
		||||
    validate_legacy(String, 'validate_string', $system_scope)
 | 
			
		||||
    validate_legacy(Array, 'validate_array', $roles)
 | 
			
		||||
    validate_legacy(Array, 'validate_array', $system_roles)
 | 
			
		||||
 | 
			
		||||
    if $ensure == 'present' {
 | 
			
		||||
      # NOTE(jaosorior): We only handle ensure 'present' here, since deleting a
 | 
			
		||||
@@ -199,6 +187,7 @@ define keystone::resource::service_identity(
 | 
			
		||||
      ensure_resource('keystone_role', $roles, { 'ensure' => 'present' })
 | 
			
		||||
      ensure_resource('keystone_role', $system_roles, { 'ensure' => 'present' })
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    unless empty($roles) {
 | 
			
		||||
      ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
 | 
			
		||||
        'ensure' => $ensure,
 | 
			
		||||
 
 | 
			
		||||
@@ -118,9 +118,9 @@ describe 'keystone::resource::service_identity' do
 | 
			
		||||
 | 
			
		||||
    context 'when trying to create an endpoint without service_type (will be dropped in Mitaka)' do
 | 
			
		||||
      let :params do
 | 
			
		||||
        required_params.delete(:service_type)
 | 
			
		||||
        required_params.merge(
 | 
			
		||||
          :configure_service => false,
 | 
			
		||||
          :service_type      => false,
 | 
			
		||||
        )
 | 
			
		||||
      end
 | 
			
		||||
      it { is_expected.to contain_keystone_endpoint("RegionOne/#{title}").with(
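Review bot: No example in this spec covers the new failure path in `keystone::resource::service_identity`, and this hunk is the only spec change shown for the define. The manifest change appears to add a loop that calls `fail("The ${userprop} parameter is required when configuring a user.")` when `password`, `auth_name` or `email` is undef while `configure_user` is true. With `password` now typed `Optional[String]` and defaulting to undef, a service user declared without a password should stop catalog compilation, and that is worth pinning so a later refactor cannot quietly revert it to a warning. I would add a context that removes `:password` from the params and asserts `it { is_expected.to compile.and_raise_error(/The password parameter is required/) }`. The `it { ... .with(` expectation that closes this hunk continues outside it.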
 | 
			
		||||
 
 | 
			
		||||