replace validate_legacy with proper data types
the validate_legacy function is marked for deprecation in v9.0.0 from puppetlabs-stdlib. This also adds validations about the parameters used for file resources and ensures the given values are absolute paths. Depends-on: https://review.opendev.org/885996 Change-Id: Ic49abcccffab5a3504e3a3060c0fac7a01bef69b
This commit is contained in:
Takashi Kajinami
@@ -71,13 +71,11 @@ class keystone::bootstrap (
|
|||||||
$internal_url = undef,
|
$internal_url = undef,
|
||||||
$region = 'RegionOne',
|
$region = 'RegionOne',
|
||||||
$interface = 'public',
|
$interface = 'public',
|
||||||
$bootstrap = true,
|
Boolean $bootstrap = true,
|
||||||
) inherits keystone::params {
|
) inherits keystone::params {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $bootstrap)
|
|
||||||
|
|
||||||
$internal_url_real = $internal_url ? {
|
$internal_url_real = $internal_url ? {
|
||||||
undef => $public_url,
|
undef => $public_url,
|
||||||
default => $internal_url
|
default => $internal_url
|
||||||
|
|||||||
@@ -21,12 +21,10 @@
|
|||||||
# or Puppet catalog compilation will fail with duplicate resources.
|
# or Puppet catalog compilation will fail with duplicate resources.
|
||||||
#
|
#
|
||||||
class keystone::config (
|
class keystone::config (
|
||||||
$keystone_config = {},
|
Hash $keystone_config = {},
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
|
|
||||||
validate_legacy(Hash, 'validate_hash', $keystone_config)
|
|
||||||
|
|
||||||
create_resources('keystone_config', $keystone_config)
|
create_resources('keystone_config', $keystone_config)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -34,7 +34,7 @@
|
|||||||
# Defaults to 'utf8_general_ci'
|
# Defaults to 'utf8_general_ci'
|
||||||
#
|
#
|
||||||
class keystone::db::mysql(
|
class keystone::db::mysql(
|
||||||
$password,
|
String[1] $password,
|
||||||
$dbname = 'keystone',
|
$dbname = 'keystone',
|
||||||
$user = 'keystone',
|
$user = 'keystone',
|
||||||
$host = '127.0.0.1',
|
$host = '127.0.0.1',
|
||||||
@@ -45,8 +45,6 @@ class keystone::db::mysql(
|
|||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
|
|
||||||
validate_legacy(String, 'validate_string', $password)
|
|
||||||
|
|
||||||
::openstacklib::db::mysql { 'keystone':
|
::openstacklib::db::mysql { 'keystone':
|
||||||
user => $user,
|
user => $user,
|
||||||
password => $password,
|
password => $password,
|
||||||
|
|||||||
@@ -81,7 +81,7 @@
|
|||||||
class keystone::federation::identity_provider(
|
class keystone::federation::identity_provider(
|
||||||
$idp_entity_id,
|
$idp_entity_id,
|
||||||
$idp_sso_endpoint,
|
$idp_sso_endpoint,
|
||||||
$idp_metadata_path,
|
Stdlib::Absolutepath $idp_metadata_path,
|
||||||
$certfile = $::keystone::ssl_ca_certs,
|
$certfile = $::keystone::ssl_ca_certs,
|
||||||
$keyfile = $::keystone::ssl_ca_key,
|
$keyfile = $::keystone::ssl_ca_key,
|
||||||
$user = $::keystone::params::user,
|
$user = $::keystone::params::user,
|
||||||
|
|||||||
@@ -35,8 +35,8 @@ class keystone::federation::mellon (
|
|||||||
$methods,
|
$methods,
|
||||||
$idp_name,
|
$idp_name,
|
||||||
$protocol_name,
|
$protocol_name,
|
||||||
$template_order = 331,
|
$template_order = 331,
|
||||||
$enable_websso = false,
|
Boolean $enable_websso = false,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include apache
|
include apache
|
||||||
@@ -58,8 +58,6 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
|
|||||||
fail('Methods should contain saml2 as one of the auth methods.')
|
fail('Methods should contain saml2 as one of the auth methods.')
|
||||||
}
|
}
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $enable_websso)
|
|
||||||
|
|
||||||
keystone_config {
|
keystone_config {
|
||||||
'auth/methods': value => join(any2array($methods),',');
|
'auth/methods': value => join(any2array($methods),',');
|
||||||
'auth/saml2': ensure => absent;
|
'auth/saml2': ensure => absent;
|
||||||
|
|||||||
@@ -144,7 +144,7 @@ class keystone::federation::openidc (
|
|||||||
$openidc_cache_dir = undef,
|
$openidc_cache_dir = undef,
|
||||||
$openidc_cache_clean_interval = undef,
|
$openidc_cache_clean_interval = undef,
|
||||||
$openidc_claim_delimiter = undef,
|
$openidc_claim_delimiter = undef,
|
||||||
$openidc_enable_oauth = false,
|
Boolean $openidc_enable_oauth = false,
|
||||||
$openidc_introspection_endpoint = undef,
|
$openidc_introspection_endpoint = undef,
|
||||||
$openidc_verify_jwks_uri = undef,
|
$openidc_verify_jwks_uri = undef,
|
||||||
$openidc_verify_method = 'introspection',
|
$openidc_verify_method = 'introspection',
|
||||||
@@ -163,8 +163,6 @@ class keystone::federation::openidc (
|
|||||||
include keystone::deps
|
include keystone::deps
|
||||||
include keystone::params
|
include keystone::params
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $openidc_enable_oauth)
|
|
||||||
|
|
||||||
if !($openidc_verify_method in ['introspection', 'jwks']) {
|
if !($openidc_verify_method in ['introspection', 'jwks']) {
|
||||||
fail('Unsupported token verification method.' +
|
fail('Unsupported token verification method.' +
|
||||||
' Must be one of "introspection" or "jwks"')
|
' Must be one of "introspection" or "jwks"')
|
||||||
|
|||||||
@@ -45,9 +45,9 @@
|
|||||||
#
|
#
|
||||||
class keystone::federation::shibboleth (
|
class keystone::federation::shibboleth (
|
||||||
$methods,
|
$methods,
|
||||||
$suppress_warning = false,
|
Boolean $suppress_warning = false,
|
||||||
$template_order = 331,
|
$template_order = 331,
|
||||||
$yum_repo_name = 'shibboleth',
|
$yum_repo_name = 'shibboleth',
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include apache
|
include apache
|
||||||
@@ -67,8 +67,6 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
|
|||||||
fail('Methods should contain saml2 as one of the auth methods.')
|
fail('Methods should contain saml2 as one of the auth methods.')
|
||||||
}
|
}
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $suppress_warning)
|
|
||||||
|
|
||||||
keystone_config {
|
keystone_config {
|
||||||
'auth/methods': value => join(any2array($methods),',');
|
'auth/methods': value => join(any2array($methods),',');
|
||||||
'auth/saml2': ensure => absent;
|
'auth/saml2': ensure => absent;
|
||||||
|
|||||||
@@ -333,77 +333,69 @@
|
|||||||
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
|
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
|
||||||
#
|
#
|
||||||
class keystone(
|
class keystone(
|
||||||
$package_ensure = 'present',
|
$package_ensure = 'present',
|
||||||
$catalog_driver = $facts['os_service_default'],
|
$catalog_driver = $facts['os_service_default'],
|
||||||
$catalog_template_file = '/etc/keystone/default_catalog.templates',
|
$catalog_template_file = '/etc/keystone/default_catalog.templates',
|
||||||
$token_provider = 'fernet',
|
$token_provider = 'fernet',
|
||||||
$token_expiration = 3600,
|
$token_expiration = 3600,
|
||||||
$password_hash_algorithm = $facts['os_service_default'],
|
$password_hash_algorithm = $facts['os_service_default'],
|
||||||
$password_hash_rounds = $facts['os_service_default'],
|
$password_hash_rounds = $facts['os_service_default'],
|
||||||
$revoke_driver = $facts['os_service_default'],
|
$revoke_driver = $facts['os_service_default'],
|
||||||
$revoke_by_id = true,
|
$revoke_by_id = true,
|
||||||
$public_endpoint = $facts['os_service_default'],
|
$public_endpoint = $facts['os_service_default'],
|
||||||
$manage_service = true,
|
Boolean $manage_service = true,
|
||||||
$enabled = true,
|
Boolean $enabled = true,
|
||||||
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
|
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
|
||||||
$rabbit_heartbeat_rate = $facts['os_service_default'],
|
$rabbit_heartbeat_rate = $facts['os_service_default'],
|
||||||
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
|
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
|
||||||
$rabbit_use_ssl = $facts['os_service_default'],
|
$rabbit_use_ssl = $facts['os_service_default'],
|
||||||
$default_transport_url = $facts['os_service_default'],
|
$default_transport_url = $facts['os_service_default'],
|
||||||
$rabbit_ha_queues = $facts['os_service_default'],
|
$rabbit_ha_queues = $facts['os_service_default'],
|
||||||
$kombu_ssl_ca_certs = $facts['os_service_default'],
|
$kombu_ssl_ca_certs = $facts['os_service_default'],
|
||||||
$kombu_ssl_certfile = $facts['os_service_default'],
|
$kombu_ssl_certfile = $facts['os_service_default'],
|
||||||
$kombu_ssl_keyfile = $facts['os_service_default'],
|
$kombu_ssl_keyfile = $facts['os_service_default'],
|
||||||
$kombu_ssl_version = $facts['os_service_default'],
|
$kombu_ssl_version = $facts['os_service_default'],
|
||||||
$kombu_reconnect_delay = $facts['os_service_default'],
|
$kombu_reconnect_delay = $facts['os_service_default'],
|
||||||
$kombu_failover_strategy = $facts['os_service_default'],
|
$kombu_failover_strategy = $facts['os_service_default'],
|
||||||
$kombu_compression = $facts['os_service_default'],
|
$kombu_compression = $facts['os_service_default'],
|
||||||
$notification_transport_url = $facts['os_service_default'],
|
$notification_transport_url = $facts['os_service_default'],
|
||||||
$notification_driver = $facts['os_service_default'],
|
$notification_driver = $facts['os_service_default'],
|
||||||
$notification_topics = $facts['os_service_default'],
|
$notification_topics = $facts['os_service_default'],
|
||||||
$notification_format = $facts['os_service_default'],
|
$notification_format = $facts['os_service_default'],
|
||||||
$notification_opt_out = $facts['os_service_default'],
|
$notification_opt_out = $facts['os_service_default'],
|
||||||
$control_exchange = $facts['os_service_default'],
|
$control_exchange = $facts['os_service_default'],
|
||||||
$executor_thread_pool_size = $facts['os_service_default'],
|
$executor_thread_pool_size = $facts['os_service_default'],
|
||||||
$rpc_response_timeout = $facts['os_service_default'],
|
$rpc_response_timeout = $facts['os_service_default'],
|
||||||
$service_name = $::keystone::params::service_name,
|
$service_name = $::keystone::params::service_name,
|
||||||
$max_token_size = $facts['os_service_default'],
|
$max_token_size = $facts['os_service_default'],
|
||||||
$sync_db = true,
|
Boolean $sync_db = true,
|
||||||
$enable_fernet_setup = true,
|
Boolean $enable_fernet_setup = true,
|
||||||
$fernet_key_repository = '/etc/keystone/fernet-keys',
|
Stdlib::Absolutepath $fernet_key_repository = '/etc/keystone/fernet-keys',
|
||||||
$fernet_max_active_keys = $facts['os_service_default'],
|
$fernet_max_active_keys = $facts['os_service_default'],
|
||||||
$fernet_keys = false,
|
Optional[Hash] $fernet_keys = undef,
|
||||||
$fernet_replace_keys = true,
|
$fernet_replace_keys = true,
|
||||||
$enable_credential_setup = true,
|
Boolean $enable_credential_setup = true,
|
||||||
$credential_key_repository = '/etc/keystone/credential-keys',
|
Stdlib::Absolutepath $credential_key_repository = '/etc/keystone/credential-keys',
|
||||||
$credential_keys = false,
|
Optional[Hash] $credential_keys = undef,
|
||||||
$default_domain = undef,
|
$default_domain = undef,
|
||||||
$policy_driver = $facts['os_service_default'],
|
$policy_driver = $facts['os_service_default'],
|
||||||
$using_domain_config = false,
|
Boolean $using_domain_config = false,
|
||||||
$domain_config_directory = '/etc/keystone/domains',
|
Stdlib::Absolutepath $domain_config_directory = '/etc/keystone/domains',
|
||||||
$keystone_user = $::keystone::params::user,
|
$keystone_user = $::keystone::params::user,
|
||||||
$keystone_group = $::keystone::params::group,
|
$keystone_group = $::keystone::params::group,
|
||||||
$manage_policyrcd = false,
|
Boolean $manage_policyrcd = false,
|
||||||
$enable_proxy_headers_parsing = $facts['os_service_default'],
|
$enable_proxy_headers_parsing = $facts['os_service_default'],
|
||||||
$max_request_body_size = $facts['os_service_default'],
|
$max_request_body_size = $facts['os_service_default'],
|
||||||
$purge_config = false,
|
$purge_config = false,
|
||||||
$amqp_durable_queues = $facts['os_service_default'],
|
$amqp_durable_queues = $facts['os_service_default'],
|
||||||
# DEPRECATED PARAMETERS
|
# DEPRECATED PARAMETERS
|
||||||
$client_package_ensure = undef,
|
$client_package_ensure = undef,
|
||||||
) inherits keystone::params {
|
) inherits keystone::params {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
include keystone::logging
|
include keystone::logging
|
||||||
include keystone::policy
|
include keystone::policy
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $manage_service)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $enabled)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $sync_db)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $enable_fernet_setup)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $enable_credential_setup)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $using_domain_config)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $manage_policyrcd)
|
|
||||||
|
|
||||||
if $client_package_ensure != undef {
|
if $client_package_ensure != undef {
|
||||||
warning('The client_package_ensure parameter is deprecated and has no effect.')
|
warning('The client_package_ensure parameter is deprecated and has no effect.')
|
||||||
}
|
}
|
||||||
@@ -558,7 +550,6 @@ class keystone(
|
|||||||
|
|
||||||
# Fernet tokens support
|
# Fernet tokens support
|
||||||
if $enable_fernet_setup {
|
if $enable_fernet_setup {
|
||||||
validate_legacy(String, 'validate_string', $fernet_key_repository)
|
|
||||||
ensure_resource('file', $fernet_key_repository, {
|
ensure_resource('file', $fernet_key_repository, {
|
||||||
ensure => 'directory',
|
ensure => 'directory',
|
||||||
owner => $keystone_user,
|
owner => $keystone_user,
|
||||||
@@ -568,7 +559,6 @@ class keystone(
|
|||||||
})
|
})
|
||||||
|
|
||||||
if $fernet_keys {
|
if $fernet_keys {
|
||||||
validate_legacy(Hash, 'validate_hash', $fernet_keys)
|
|
||||||
create_resources('file', $fernet_keys, {
|
create_resources('file', $fernet_keys, {
|
||||||
'owner' => $keystone_user,
|
'owner' => $keystone_user,
|
||||||
'group' => $keystone_group,
|
'group' => $keystone_group,
|
||||||
@@ -596,7 +586,6 @@ class keystone(
|
|||||||
|
|
||||||
# Credential support
|
# Credential support
|
||||||
if $enable_credential_setup {
|
if $enable_credential_setup {
|
||||||
validate_legacy(String, 'validate_string', $credential_key_repository)
|
|
||||||
ensure_resource('file', $credential_key_repository, {
|
ensure_resource('file', $credential_key_repository, {
|
||||||
ensure => 'directory',
|
ensure => 'directory',
|
||||||
owner => $keystone_user,
|
owner => $keystone_user,
|
||||||
@@ -606,7 +595,6 @@ class keystone(
|
|||||||
})
|
})
|
||||||
|
|
||||||
if $credential_keys {
|
if $credential_keys {
|
||||||
validate_legacy(Hash, 'validate_hash', $credential_keys)
|
|
||||||
create_resources('file', $credential_keys, {
|
create_resources('file', $credential_keys, {
|
||||||
'owner' => $keystone_user,
|
'owner' => $keystone_user,
|
||||||
'group' => $keystone_group,
|
'group' => $keystone_group,
|
||||||
@@ -681,8 +669,6 @@ class keystone(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if $using_domain_config {
|
if $using_domain_config {
|
||||||
validate_legacy(Stdlib::Absolutepath, 'validate_absolute_path', $domain_config_directory)
|
|
||||||
|
|
||||||
file { $domain_config_directory:
|
file { $domain_config_directory:
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
owner => $keystone_user,
|
owner => $keystone_user,
|
||||||
|
|||||||
@@ -283,7 +283,8 @@ class keystone::ldap(
|
|||||||
$group_additional_attribute_mapping = $facts['os_service_default'],
|
$group_additional_attribute_mapping = $facts['os_service_default'],
|
||||||
$chase_referrals = $facts['os_service_default'],
|
$chase_referrals = $facts['os_service_default'],
|
||||||
$use_tls = $facts['os_service_default'],
|
$use_tls = $facts['os_service_default'],
|
||||||
$tls_cacertdir = $facts['os_service_default'],
|
Variant[Openstacklib::ServiceDefault, Stdlib::Absolutepath] $tls_cacertdir
|
||||||
|
= $facts['os_service_default'],
|
||||||
$tls_cacertfile = $facts['os_service_default'],
|
$tls_cacertfile = $facts['os_service_default'],
|
||||||
$tls_req_cert = $facts['os_service_default'],
|
$tls_req_cert = $facts['os_service_default'],
|
||||||
$identity_driver = $facts['os_service_default'],
|
$identity_driver = $facts['os_service_default'],
|
||||||
@@ -299,13 +300,11 @@ class keystone::ldap(
|
|||||||
$auth_pool_size = $facts['os_service_default'],
|
$auth_pool_size = $facts['os_service_default'],
|
||||||
$auth_pool_connection_lifetime = $facts['os_service_default'],
|
$auth_pool_connection_lifetime = $facts['os_service_default'],
|
||||||
$package_ensure = present,
|
$package_ensure = present,
|
||||||
$manage_packages = true,
|
Boolean $manage_packages = true,
|
||||||
) inherits keystone::params {
|
) inherits keystone::params {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $manage_packages)
|
|
||||||
|
|
||||||
if $manage_packages {
|
if $manage_packages {
|
||||||
ensure_resource('package', 'python-ldappool', {
|
ensure_resource('package', 'python-ldappool', {
|
||||||
ensure => $package_ensure,
|
ensure => $package_ensure,
|
||||||
|
|||||||
@@ -295,16 +295,13 @@ define keystone::ldap_backend(
|
|||||||
$auth_pool_size = $facts['os_service_default'],
|
$auth_pool_size = $facts['os_service_default'],
|
||||||
$auth_pool_connection_lifetime = $facts['os_service_default'],
|
$auth_pool_connection_lifetime = $facts['os_service_default'],
|
||||||
$package_ensure = present,
|
$package_ensure = present,
|
||||||
$manage_packages = true,
|
Boolean $manage_packages = true,
|
||||||
$create_domain_entry = false,
|
Boolean $create_domain_entry = false,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
include keystone::params
|
include keystone::params
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $manage_packages)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $create_domain_entry)
|
|
||||||
|
|
||||||
if !defined(Class[keystone]) {
|
if !defined(Class[keystone]) {
|
||||||
fail('The keystone class should be included before this class')
|
fail('The keystone class should be included before this class')
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -48,7 +48,7 @@
|
|||||||
class keystone::policy (
|
class keystone::policy (
|
||||||
$enforce_scope = $facts['os_service_default'],
|
$enforce_scope = $facts['os_service_default'],
|
||||||
$enforce_new_defaults = $facts['os_service_default'],
|
$enforce_new_defaults = $facts['os_service_default'],
|
||||||
$policies = {},
|
Hash $policies = {},
|
||||||
$policy_path = '/etc/keystone/policy.yaml',
|
$policy_path = '/etc/keystone/policy.yaml',
|
||||||
$policy_default_rule = $facts['os_service_default'],
|
$policy_default_rule = $facts['os_service_default'],
|
||||||
$policy_dirs = $facts['os_service_default'],
|
$policy_dirs = $facts['os_service_default'],
|
||||||
@@ -58,8 +58,6 @@ class keystone::policy (
|
|||||||
include keystone::deps
|
include keystone::deps
|
||||||
include keystone::params
|
include keystone::params
|
||||||
|
|
||||||
validate_legacy(Hash, 'validate_hash', $policies)
|
|
||||||
|
|
||||||
$policy_parameters = {
|
$policy_parameters = {
|
||||||
policies => $policies,
|
policies => $policies,
|
||||||
policy_path => $policy_path,
|
policy_path => $policy_path,
|
||||||
|
|||||||
@@ -231,56 +231,46 @@ define keystone::resource::authtoken(
|
|||||||
$username,
|
$username,
|
||||||
$password,
|
$password,
|
||||||
$auth_url,
|
$auth_url,
|
||||||
$project_name = $facts['os_service_default'],
|
$project_name = $facts['os_service_default'],
|
||||||
$user_domain_name = $facts['os_service_default'],
|
$user_domain_name = $facts['os_service_default'],
|
||||||
$project_domain_name = $facts['os_service_default'],
|
$project_domain_name = $facts['os_service_default'],
|
||||||
$system_scope = $facts['os_service_default'],
|
$system_scope = $facts['os_service_default'],
|
||||||
$insecure = $facts['os_service_default'],
|
$insecure = $facts['os_service_default'],
|
||||||
$auth_section = $facts['os_service_default'],
|
$auth_section = $facts['os_service_default'],
|
||||||
$auth_type = $facts['os_service_default'],
|
$auth_type = $facts['os_service_default'],
|
||||||
$www_authenticate_uri = $facts['os_service_default'],
|
$www_authenticate_uri = $facts['os_service_default'],
|
||||||
$auth_version = $facts['os_service_default'],
|
$auth_version = $facts['os_service_default'],
|
||||||
$cache = $facts['os_service_default'],
|
$cache = $facts['os_service_default'],
|
||||||
$cafile = $facts['os_service_default'],
|
$cafile = $facts['os_service_default'],
|
||||||
$certfile = $facts['os_service_default'],
|
$certfile = $facts['os_service_default'],
|
||||||
$collect_timing = $facts['os_service_default'],
|
$collect_timing = $facts['os_service_default'],
|
||||||
$delay_auth_decision = $facts['os_service_default'],
|
$delay_auth_decision = $facts['os_service_default'],
|
||||||
$enforce_token_bind = $facts['os_service_default'],
|
$enforce_token_bind = $facts['os_service_default'],
|
||||||
$http_connect_timeout = $facts['os_service_default'],
|
$http_connect_timeout = $facts['os_service_default'],
|
||||||
$http_request_max_retries = $facts['os_service_default'],
|
$http_request_max_retries = $facts['os_service_default'],
|
||||||
$include_service_catalog = $facts['os_service_default'],
|
$include_service_catalog = $facts['os_service_default'],
|
||||||
$keyfile = $facts['os_service_default'],
|
$keyfile = $facts['os_service_default'],
|
||||||
$memcache_pool_conn_get_timeout = $facts['os_service_default'],
|
$memcache_pool_conn_get_timeout = $facts['os_service_default'],
|
||||||
$memcache_pool_dead_retry = $facts['os_service_default'],
|
$memcache_pool_dead_retry = $facts['os_service_default'],
|
||||||
$memcache_pool_maxsize = $facts['os_service_default'],
|
$memcache_pool_maxsize = $facts['os_service_default'],
|
||||||
$memcache_pool_socket_timeout = $facts['os_service_default'],
|
$memcache_pool_socket_timeout = $facts['os_service_default'],
|
||||||
$memcache_pool_unused_timeout = $facts['os_service_default'],
|
$memcache_pool_unused_timeout = $facts['os_service_default'],
|
||||||
$memcache_secret_key = $facts['os_service_default'],
|
$memcache_secret_key = $facts['os_service_default'],
|
||||||
$memcache_security_strategy = $facts['os_service_default'],
|
$memcache_security_strategy = $facts['os_service_default'],
|
||||||
$memcache_use_advanced_pool = $facts['os_service_default'],
|
$memcache_use_advanced_pool = $facts['os_service_default'],
|
||||||
$memcached_servers = $facts['os_service_default'],
|
$memcached_servers = $facts['os_service_default'],
|
||||||
$region_name = $facts['os_service_default'],
|
$region_name = $facts['os_service_default'],
|
||||||
$token_cache_time = $facts['os_service_default'],
|
$token_cache_time = $facts['os_service_default'],
|
||||||
$manage_memcache_package = false,
|
Boolean $manage_memcache_package = false,
|
||||||
$service_token_roles = $facts['os_service_default'],
|
$service_token_roles = $facts['os_service_default'],
|
||||||
$service_token_roles_required = $facts['os_service_default'],
|
$service_token_roles_required = $facts['os_service_default'],
|
||||||
$service_type = $facts['os_service_default'],
|
$service_type = $facts['os_service_default'],
|
||||||
$interface = $facts['os_service_default'],
|
$interface = $facts['os_service_default'],
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
include keystone::params
|
include keystone::params
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $manage_memcache_package)
|
|
||||||
|
|
||||||
if !is_service_default($include_service_catalog) {
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $include_service_catalog)
|
|
||||||
}
|
|
||||||
|
|
||||||
if !is_service_default($memcache_use_advanced_pool) {
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $memcache_use_advanced_pool)
|
|
||||||
}
|
|
||||||
|
|
||||||
if !is_service_default($memcache_security_strategy) {
|
if !is_service_default($memcache_security_strategy) {
|
||||||
if !(downcase($memcache_security_strategy) in ['none', 'mac', 'encrypt']){
|
if !(downcase($memcache_security_strategy) in ['none', 'mac', 'encrypt']){
|
||||||
fail('memcache_security_strategy can be set only to None, MAC or ENCRYPT')
|
fail('memcache_security_strategy can be set only to None, MAC or ENCRYPT')
|
||||||
@@ -291,10 +281,6 @@ define keystone::resource::authtoken(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !is_service_default($delay_auth_decision) {
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $delay_auth_decision)
|
|
||||||
}
|
|
||||||
|
|
||||||
if !is_service_default($memcached_servers) and !empty($memcached_servers){
|
if !is_service_default($memcached_servers) and !empty($memcached_servers){
|
||||||
$memcached_servers_array = $memcached_servers ? {
|
$memcached_servers_array = $memcached_servers ? {
|
||||||
String => split($memcached_servers, ','),
|
String => split($memcached_servers, ','),
|
||||||
|
|||||||
@@ -112,40 +112,32 @@
|
|||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
define keystone::resource::service_identity(
|
define keystone::resource::service_identity(
|
||||||
$ensure = 'present',
|
Enum['present', 'absent'] $ensure = 'present',
|
||||||
$admin_url = false,
|
Optional[String] $admin_url = undef,
|
||||||
$internal_url = false,
|
Optional[String] $internal_url = undef,
|
||||||
$password = false,
|
Optional[String] $password = undef,
|
||||||
$public_url = false,
|
Optional[String] $public_url = undef,
|
||||||
$service_type = false,
|
Optional[String] $service_type = undef,
|
||||||
$auth_name = $name,
|
String[1] $auth_name = $name,
|
||||||
$configure_endpoint = true,
|
Boolean $configure_endpoint = true,
|
||||||
$configure_user = true,
|
Boolean $configure_user = true,
|
||||||
$configure_user_role = true,
|
Boolean $configure_user_role = true,
|
||||||
$configure_service = true,
|
Boolean $configure_service = true,
|
||||||
$email = "${name}@localhost",
|
String $email = "${name}@localhost",
|
||||||
$region = 'RegionOne',
|
String[1] $region = 'RegionOne',
|
||||||
$service_name = undef,
|
Optional[String[1]] $service_name = undef,
|
||||||
$service_description = "${name} service",
|
String $service_description = "${name} service",
|
||||||
$tenant = 'services',
|
String[1] $tenant = 'services',
|
||||||
$roles = ['admin'],
|
Array[String[1]] $roles = ['admin'],
|
||||||
$system_scope = 'all',
|
String[1] $system_scope = 'all',
|
||||||
$system_roles = [],
|
Array[String[1]] $system_roles = [],
|
||||||
$user_domain = undef,
|
Optional[String[1]] $user_domain = undef,
|
||||||
$project_domain = undef,
|
Optional[String[1]] $project_domain = undef,
|
||||||
$default_domain = undef,
|
Optional[String[1]] $default_domain = undef,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
|
|
||||||
validate_legacy(Enum['present', 'absent'], 'validate_re', $ensure,
|
|
||||||
[['^present$', '^absent$'], 'Valid values for ensure parameter are present or absent'])
|
|
||||||
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $configure_endpoint)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $configure_user)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $configure_user_role)
|
|
||||||
validate_legacy(Boolean, 'validate_bool', $configure_service)
|
|
||||||
|
|
||||||
if $service_name == undef {
|
if $service_name == undef {
|
||||||
$service_name_real = $auth_name
|
$service_name_real = $auth_name
|
||||||
} else {
|
} else {
|
||||||
@@ -159,12 +151,13 @@ define keystone::resource::service_identity(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if $configure_user {
|
if $configure_user {
|
||||||
validate_legacy(String, 'validate_string', $password)
|
['password', 'auth_name', 'email'].each |String $userprop| {
|
||||||
validate_legacy(String, 'validate_string', $auth_name)
|
if getvar($userprop) == undef {
|
||||||
validate_legacy(String, 'validate_string', $email)
|
fail("The ${userprop} parameter is required when configuring a user.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if $user_domain_real {
|
if $user_domain_real {
|
||||||
validate_legacy(String, 'validate_string', $user_domain_real)
|
|
||||||
# We have to use ensure_resource here and hope for the best, because we have
|
# We have to use ensure_resource here and hope for the best, because we have
|
||||||
# no way to know if the $user_domain is the same domain passed as the
|
# no way to know if the $user_domain is the same domain passed as the
|
||||||
# $default_domain parameter to class keystone.
|
# $default_domain parameter to class keystone.
|
||||||
@@ -173,23 +166,18 @@ define keystone::resource::service_identity(
|
|||||||
'enabled' => true,
|
'enabled' => true,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
ensure_resource('keystone_user', $auth_name, {
|
ensure_resource('keystone_user', $auth_name, {
|
||||||
'ensure' => $ensure,
|
'ensure' => $ensure,
|
||||||
'enabled' => true,
|
'enabled' => true,
|
||||||
'password' => $password,
|
'password' => $password,
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'domain' => $user_domain_real,
|
'domain' => $user_domain_real,
|
||||||
})
|
})
|
||||||
if ! $password {
|
|
||||||
warning("No password had been set for ${auth_name} user.")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if $configure_user_role {
|
if $configure_user_role {
|
||||||
validate_legacy(String, 'validate_string', $tenant)
|
|
||||||
validate_legacy(String, 'validate_string', $system_scope)
|
|
||||||
validate_legacy(Array, 'validate_array', $roles)
|
|
||||||
validate_legacy(Array, 'validate_array', $system_roles)
|
|
||||||
|
|
||||||
if $ensure == 'present' {
|
if $ensure == 'present' {
|
||||||
# NOTE(jaosorior): We only handle ensure 'present' here, since deleting a
|
# NOTE(jaosorior): We only handle ensure 'present' here, since deleting a
|
||||||
@@ -199,6 +187,7 @@ define keystone::resource::service_identity(
|
|||||||
ensure_resource('keystone_role', $roles, { 'ensure' => 'present' })
|
ensure_resource('keystone_role', $roles, { 'ensure' => 'present' })
|
||||||
ensure_resource('keystone_role', $system_roles, { 'ensure' => 'present' })
|
ensure_resource('keystone_role', $system_roles, { 'ensure' => 'present' })
|
||||||
}
|
}
|
||||||
|
|
||||||
unless empty($roles) {
|
unless empty($roles) {
|
||||||
ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
|
ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
|
||||||
'ensure' => $ensure,
|
'ensure' => $ensure,
|
||||||
|
|||||||
@@ -118,9 +118,9 @@ describe 'keystone::resource::service_identity' do
|
|||||||
|
|
||||||
context 'when trying to create an endpoint without service_type (will be dropped in Mitaka)' do
|
context 'when trying to create an endpoint without service_type (will be dropped in Mitaka)' do
|
||||||
let :params do
|
let :params do
|
||||||
|
required_params.delete(:service_type)
|
||||||
required_params.merge(
|
required_params.merge(
|
||||||
:configure_service => false,
|
:configure_service => false,
|
||||||
:service_type => false,
|
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
it { is_expected.to contain_keystone_endpoint("RegionOne/#{title}").with(
|
it { is_expected.to contain_keystone_endpoint("RegionOne/#{title}").with(
|
||||||
|
|||||||
Reference in New Issue
Block a user