From f342aad94615655fe96959186c031157c209a659 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Thu, 27 Aug 2020 21:58:22 +0900 Subject: [PATCH] Fix python package names (ldappool and pysaml2) This patch fixes package name of python-ldapppool and python-pysaml2, so that correct package names, python3-*, are used in OSs which use Python3 as the default Python. Change-Id: I0dc5dd487996307811edd177d13d6d5ac8f841ee --- manifests/federation/identity_provider.pp | 15 +- manifests/ldap.pp | 9 +- manifests/ldap_backend.pp | 6 +- manifests/params.pp | 4 + ...stone_federation_identity_provider_spec.rb | 16 +- spec/classes/keystone_ldap_spec.rb | 22 +- spec/defines/keystone_ldap_backend_spec.rb | 392 ++++++++++-------- 7 files changed, 274 insertions(+), 190 deletions(-) diff --git a/manifests/federation/identity_provider.pp b/manifests/federation/identity_provider.pp index f20138626..64bea6878 100644 --- a/manifests/federation/identity_provider.pp +++ b/manifests/federation/identity_provider.pp @@ -104,11 +104,16 @@ class keystone::federation::identity_provider( fail ('Keystone need to be running under Apache for Federation work.') } - ensure_packages(['xmlsec1','python-pysaml2'], { - ensure => $package_ensure, - allow_virtual => true, - tag => 'keystone-support-package', - }) + package{ 'xmlsec1': + ensure => $package_ensure, + tag => 'keystone-support-package', + } + + package{ 'python-pysaml2': + ensure => $package_ensure, + name => $keystone::params::python_pysaml2_package_name, + tag => 'keystone-support-package', + } keystone_config { 'saml/certfile': value => $certfile; diff --git a/manifests/ldap.pp b/manifests/ldap.pp index 1e17a26c6..79c49e7b0 100644 --- a/manifests/ldap.pp +++ b/manifests/ldap.pp 
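Review bot: The two plain `package` resources that replace `ensure_packages` are no longer idempotent, so a catalog that already declares `xmlsec1` elsewhere would now fail with a duplicate declaration; `allow_virtual => true` is dropped as well. A guarded form would keep the old behaviour while still setting the name, e.g. `ensure_resource('package', 'python-pysaml2', { ensure => $package_ensure, name => $keystone::params::python_pysaml2_package_name, tag => 'keystone-support-package' })`. The hunk also reads `$keystone::params::python_pysaml2_package_name` without showing an `include keystone::params` or `inherits keystone::params`, which the ldap.pp and ldap_backend.pp changes do add. The class header is outside the hunk, so please confirm the params class is loaded in this scope.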
@@ -443,13 +443,16 @@ class keystone::ldap( $auth_pool_connection_lifetime = 60, $package_ensure = present, $manage_packages = true, -) { +) inherits keystone::params { include keystone::deps if $manage_packages { - ensure_resource('package', 'python-ldappool', { ensure => $package_ensure, - tag => 'keystone-package' }) + ensure_resource('package', 'python-ldappool', { + ensure => $package_ensure, + name => $keystone::params::python_ldappool_package_name, + tag => 'keystone-package' + }) } if ($tls_cacertdir != undef) { diff --git a/manifests/ldap_backend.pp b/manifests/ldap_backend.pp index be6ebce84..3ad48527c 100644 --- a/manifests/ldap_backend.pp +++ b/manifests/ldap_backend.pp @@ -487,6 +487,7 @@ define keystone::ldap_backend( ) { include keystone::deps + include keystone::params $domain_enabled = getparam(Keystone_config['identity/domain_specific_drivers_enabled'], 'value') $domain_dir_enabled = getparam(Keystone_config['identity/domain_config_dir'], 'value') @@ -653,8 +654,9 @@ and \"${domain_dir_enabled}\" for identity/domain_config_dir" if $manage_packages { ensure_resource('package', 'python-ldappool', { - ensure => $package_ensure, - tag => ['openstack', 'keystone-package'], + ensure => $package_ensure, + name => $keystone::params::python_ldappool_package_name, + tag => ['openstack', 'keystone-package'], }) } diff --git a/manifests/params.pp b/manifests/params.pp index 7791aaaad..ed372a08f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -16,6 +16,8 @@ class keystone::params { $service_name = 'keystone' $keystone_wsgi_script_path = '/usr/lib/cgi-bin/keystone' $python_memcache_package_name = "python${pyvers}-memcache" + $python_ldappool_package_name = "python${pyvers}-ldappool" + $python_pysaml2_package_name = "python${pyvers}-pysaml2" $mellon_package_name = 'libapache2-mod-auth-mellon' $openidc_package_name = 'libapache2-mod-auth-openidc' } 
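Review bot: The `ensure_resource('package', 'python-ldappool', …)` call in manifests/ldap.pp passes `tag => 'keystone-package'`, while the call for the same title in manifests/ldap_backend.pp (hunk at -653) passes `tag => ['openstack', 'keystone-package']`. `ensure_resource` only deduplicates when the parameters match, so a catalog that declares both `keystone::ldap` and a `keystone::ldap_backend` would presumably hit a duplicate declaration. Since both calls are edited here anyway, aligning them would remove that risk, e.g. `tag => ['openstack', 'keystone-package'],` in ldap.pp. The class body continues outside the hunk.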
@@ -24,6 +26,8 @@ class keystone::params { $service_name = 'openstack-keystone' $keystone_wsgi_script_path = '/var/www/cgi-bin/keystone' $python_memcache_package_name = "python${pyvers}-memcached" + $python_ldappool_package_name = "python${pyvers}-ldappool" + $python_pysaml2_package_name = "python${pyvers}-pysaml2" $mellon_package_name = 'mod_auth_mellon' $openidc_package_name = 'mod_auth_openidc' } diff --git a/spec/classes/keystone_federation_identity_provider_spec.rb b/spec/classes/keystone_federation_identity_provider_spec.rb index 1ca11b712..f9202ea4b 100644 --- a/spec/classes/keystone_federation_identity_provider_spec.rb +++ b/spec/classes/keystone_federation_identity_provider_spec.rb @@ -43,6 +43,7 @@ describe 'keystone::federation::identity_provider' do it { is_expected.to contain_package('python-pysaml2').with( :ensure => 'present', + :name => platform_params[:python_pysaml2_package_name], )} it { @@ -121,10 +122,23 @@ describe 'keystone::federation::identity_provider' do let (:platform_params) do if facts[:osfamily] == 'RedHat' keystone_service = 'openstack-keystone' + if facts[:operatingsystem] == 'Fedora' + python_pysaml2_package_name = 'python3-pysaml2' + else + if facts[:operatingsystemmajrelease] > '7' + python_pysaml2_package_name = 'python3-pysaml2' + else + python_pysaml2_package_name = 'python-pysaml2' + end + end else keystone_service = 'keystone' + python_pysaml2_package_name = 'python3-pysaml2' end - { :keystone_service => keystone_service } + { + :keystone_service => keystone_service, + :python_pysaml2_package_name => python_pysaml2_package_name + } end it_behaves_like 'keystone::federation::identity_provider' diff --git a/spec/classes/keystone_ldap_spec.rb b/spec/classes/keystone_ldap_spec.rb index 29445be2f..91cecc1f8 100644 --- a/spec/classes/keystone_ldap_spec.rb +++ b/spec/classes/keystone_ldap_spec.rb 
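Review bot: `facts[:operatingsystemmajrelease] > '7'` in the added `platform_params` block compares strings, so a major release of '10' or higher sorts below '7' and the spec would expect `python-pysaml2` there. Comparing numerically avoids this: `if facts[:operatingsystemmajrelease].to_i > 7`. The same comparison is repeated in spec/classes/keystone_ldap_spec.rb and spec/defines/keystone_ldap_backend_spec.rb. The nested `if`/`else` inside the RedHat branch could also be flattened into a single `elsif`.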
@@ -83,7 +83,11 @@ describe 'keystone::ldap' do end context 'with parameters' do - it { is_expected.to contain_package('python-ldappool') } + it { + is_expected.to contain_package('python-ldappool').with( + :name => platform_params[:python_ldappool_package_name], + ) + } it { is_expected.to contain_keystone_config('ldap/url').with_value('ldap://foo') @@ -202,6 +206,22 @@ describe 'keystone::ldap' do facts.merge!(OSDefaults.get_facts()) end + let (:platform_params) do + case facts[:osfamily] + when 'Debian' + { :python_ldappool_package_name => 'python3-ldappool' } + when 'RedHat' + if facts[:operatingsystem] == 'Fedora' + { :python_ldappool_package_name => 'python3-ldappool' } + else + if facts[:operatingsystemmajrelease] > '7' + { :python_ldappool_package_name => 'python3-ldappool' } + else + { :python_ldappool_package_name => 'python-ldappool' } + end + end + end + end it_behaves_like 'keystone::ldap' end end diff --git a/spec/defines/keystone_ldap_backend_spec.rb b/spec/defines/keystone_ldap_backend_spec.rb index 06bebbf7e..ead017c59 100644 --- a/spec/defines/keystone_ldap_backend_spec.rb +++ b/spec/defines/keystone_ldap_backend_spec.rb 
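Review bot: The `case facts[:osfamily]` in the added `platform_params` has no `else` branch, so for any OS family other than Debian or RedHat it returns nil. `platform_params[:python_ldappool_package_name]` then fails with a NoMethodError instead of a readable message. An explicit branch such as `else raise "unsupported osfamily: #{facts[:osfamily]}"` would make that failure obvious. The same block is repeated verbatim in spec/defines/keystone_ldap_backend_spec.rb, so a shared helper would keep the two in sync.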
@@ -1,201 +1,237 @@ require 'spec_helper' describe 'keystone::ldap_backend' do - describe 'Using Default domain' do - let(:title) { 'Default' } - let(:pre_condition) do - <<-EOM - exec { 'restart_keystone': - path => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'], - command => "service ${service_name_real} restart", - refreshonly => true, - } - keystone_config {'identity/domain_specific_drivers_enabled': value => true} - keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} - file {'/etc/keystone/keystone.conf': ensure => present } - EOM + shared_examples 'keystone::ldap_backend' do + + context 'Using Default domain' do + let(:title) { 'Default' } + let(:pre_condition) do + <<-EOM + exec { 'restart_keystone': + path => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'], + command => "service ${service_name_real} restart", + refreshonly => true, + } + keystone_config {'identity/domain_specific_drivers_enabled': value => true} + keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} + file {'/etc/keystone/keystone.conf': ensure => present } + EOM + end + + context 'with basic params' do + let :params do + { + :url => 'ldap://foo', + :user => 'cn=foo,dc=example,dc=com', + :password => 'abcdefg', + :suffix => 'dc=example,dc=com', + :query_scope => 'sub', + :page_size => '50', + :user_tree_dn => 'cn=users,dc=example,dc=com', + :user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)', + :user_objectclass => 'inetUser', + :user_id_attribute => 'uid', + :user_name_attribute => 'cn', + :user_description_attribute => 'description', + :user_mail_attribute => 'mail', + :user_enabled_attribute => 'UserAccountControl', + :user_enabled_mask => '2', + :user_enabled_default => '512', + :user_enabled_invert => 'False', + :user_attribute_ignore => '', + :user_default_project_id_attribute => 'defaultProject', + :user_pass_attribute => 'krbPassword', + :user_enabled_emulation => 'True', + :user_enabled_emulation_dn => 
'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com', + :user_additional_attribute_mapping => 'description:name, gecos:name', + :group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com', + :group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com', + :group_objectclass => 'organizationalRole', + :group_id_attribute => 'cn', + :group_name_attribute => 'cn', + :group_member_attribute => 'roleOccupant', + :group_members_are_ids => 'True', + :group_desc_attribute => 'description', + :group_attribute_ignore => '', + :group_additional_attribute_mapping => '', + :group_ad_nesting => 'True', + :chase_referrals => 'False', + :use_tls => 'False', + :tls_cacertdir => '/etc/ssl/certs/', + :tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', + :tls_req_cert => 'demand', + :identity_driver => 'ldap', + :use_pool => 'True', + :pool_size => 20, + :pool_retry_max => 2, + :pool_retry_delay => 0.2, + :pool_connection_timeout => 222, + :pool_connection_lifetime => 222, + :use_auth_pool => 'True', + :auth_pool_size => 20, + :auth_pool_connection_lifetime => 200, + } + end + + it { + is_expected.to contain_package('python-ldappool').with( + :name => platform_params[:python_ldappool_package_name], + ) + } + it 'should have basic params' do + # basic params + is_expected.to contain_keystone_domain_config('Default::ldap/url').with_value('ldap://foo') + is_expected.to contain_keystone_domain_config('Default::ldap/user').with_value('cn=foo,dc=example,dc=com') + is_expected.to contain_keystone_domain_config('Default::ldap/password').with_value('abcdefg').with_secret(true) + is_expected.to contain_keystone_domain_config('Default::ldap/suffix').with_value('dc=example,dc=com') + is_expected.to contain_keystone_domain_config('Default::ldap/query_scope').with_value('sub') + is_expected.to contain_keystone_domain_config('Default::ldap/page_size').with_value('50') + + # users + is_expected.to 
contain_keystone_domain_config('Default::ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com') + is_expected.to contain_keystone_domain_config('Default::ldap/user_filter').with_value('(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)') + is_expected.to contain_keystone_domain_config('Default::ldap/user_objectclass').with_value('inetUser') + is_expected.to contain_keystone_domain_config('Default::ldap/user_id_attribute').with_value('uid') + is_expected.to contain_keystone_domain_config('Default::ldap/user_name_attribute').with_value('cn') + is_expected.to contain_keystone_domain_config('Default::ldap/user_description_attribute').with_value('description') + is_expected.to contain_keystone_domain_config('Default::ldap/user_mail_attribute').with_value('mail') + is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_attribute').with_value('UserAccountControl') + is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_mask').with_value('2') + is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_default').with_value('512') + is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_invert').with_value('False') + is_expected.to contain_keystone_domain_config('Default::ldap/user_attribute_ignore').with_value('') + is_expected.to contain_keystone_domain_config('Default::ldap/user_default_project_id_attribute').with_value('defaultProject') + is_expected.to contain_keystone_domain_config('Default::ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com') + is_expected.to contain_keystone_domain_config('Default::ldap/user_pass_attribute').with_value('krbPassword') + is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_emulation').with_value('True') + is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_emulation_dn').with_value('cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com') + is_expected.to 
contain_keystone_domain_config('Default::ldap/user_additional_attribute_mapping').with_value('description:name, gecos:name') + + # groups + is_expected.to contain_keystone_domain_config('Default::ldap/group_tree_dn').with_value('ou=groups,ou=openstack,dc=example,dc=com') + is_expected.to contain_keystone_domain_config('Default::ldap/group_filter').with_value('cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com') + is_expected.to contain_keystone_domain_config('Default::ldap/group_objectclass').with_value('organizationalRole') + is_expected.to contain_keystone_domain_config('Default::ldap/group_id_attribute').with_value('cn') + is_expected.to contain_keystone_domain_config('Default::ldap/group_member_attribute').with_value('roleOccupant') + is_expected.to contain_keystone_domain_config('Default::ldap/group_members_are_ids').with_value('True') + is_expected.to contain_keystone_domain_config('Default::ldap/group_desc_attribute').with_value('description') + is_expected.to contain_keystone_domain_config('Default::ldap/group_name_attribute').with_value('cn') + is_expected.to contain_keystone_domain_config('Default::ldap/group_attribute_ignore').with_value('') + is_expected.to contain_keystone_domain_config('Default::ldap/group_additional_attribute_mapping').with_value('') + is_expected.to contain_keystone_domain_config('Default::ldap/group_ad_nesting').with_value('True') + + # referrals + is_expected.to contain_keystone_domain_config('Default::ldap/chase_referrals').with_value('False') + + # tls + is_expected.to contain_keystone_domain_config('Default::ldap/use_tls').with_value('False') + is_expected.to contain_keystone_domain_config('Default::ldap/tls_cacertdir').with_value('/etc/ssl/certs/') + is_expected.to contain_keystone_domain_config('Default::ldap/tls_cacertfile').with_value('/etc/ssl/certs/ca-certificates.crt') + is_expected.to contain_keystone_domain_config('Default::ldap/tls_req_cert').with_value('demand') + + # ldap pooling + is_expected.to 
contain_keystone_domain_config('Default::ldap/use_pool').with_value('True') + is_expected.to contain_keystone_domain_config('Default::ldap/pool_size').with_value('20') + is_expected.to contain_keystone_domain_config('Default::ldap/pool_retry_max').with_value('2') + is_expected.to contain_keystone_domain_config('Default::ldap/pool_retry_delay').with_value('0.2') + is_expected.to contain_keystone_domain_config('Default::ldap/pool_connection_timeout').with_value('222') + is_expected.to contain_keystone_domain_config('Default::ldap/pool_connection_lifetime').with_value('222') + is_expected.to contain_keystone_domain_config('Default::ldap/use_auth_pool').with_value('True') + is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_size').with_value('20') + is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200') + + # drivers + is_expected.to contain_keystone_domain_config('Default::identity/driver').with_value('ldap') + end + + context 'with keystone domain creation enabled' do + before do + params.merge! 
({ + :create_domain_entry => true + }) + end + it 'creates the keystone domain and refreshes the service' do + is_expected.to contain_keystone_domain(title).with( + :ensure => 'present', + :enabled => true + ) + end + end + end end - describe 'with basic params' do + + context 'Using non Default domain' do + let(:title) { 'foobar' } let :params do { - :url => 'ldap://foo', - :user => 'cn=foo,dc=example,dc=com', - :password => 'abcdefg', - :suffix => 'dc=example,dc=com', - :query_scope => 'sub', - :page_size => '50', - :user_tree_dn => 'cn=users,dc=example,dc=com', - :user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)', - :user_objectclass => 'inetUser', - :user_id_attribute => 'uid', - :user_name_attribute => 'cn', - :user_description_attribute => 'description', - :user_mail_attribute => 'mail', - :user_enabled_attribute => 'UserAccountControl', - :user_enabled_mask => '2', - :user_enabled_default => '512', - :user_enabled_invert => 'False', - :user_attribute_ignore => '', - :user_default_project_id_attribute => 'defaultProject', - :user_pass_attribute => 'krbPassword', - :user_enabled_emulation => 'True', - :user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com', - :user_additional_attribute_mapping => 'description:name, gecos:name', - :group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com', - :group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com', - :group_objectclass => 'organizationalRole', - :group_id_attribute => 'cn', - :group_name_attribute => 'cn', - :group_member_attribute => 'roleOccupant', - :group_members_are_ids => 'True', - :group_desc_attribute => 'description', - :group_attribute_ignore => '', - :group_additional_attribute_mapping => '', - :group_ad_nesting => 'True', - :chase_referrals => 'False', - :use_tls => 'False', - :tls_cacertdir => '/etc/ssl/certs/', - :tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', - :tls_req_cert => 'demand', - 
:identity_driver => 'ldap', - :use_pool => 'True', - :pool_size => 20, - :pool_retry_max => 2, - :pool_retry_delay => 0.2, - :pool_connection_timeout => 222, - :pool_connection_lifetime => 222, - :use_auth_pool => 'True', - :auth_pool_size => 20, - :auth_pool_connection_lifetime => 200, + :url => 'ldap://foo', + :user => 'cn=foo,dc=example,dc=com' } end - it { is_expected.to contain_package('python-ldappool') } - it 'should have basic params' do - # basic params - is_expected.to contain_keystone_domain_config('Default::ldap/url').with_value('ldap://foo') - is_expected.to contain_keystone_domain_config('Default::ldap/user').with_value('cn=foo,dc=example,dc=com') - is_expected.to contain_keystone_domain_config('Default::ldap/password').with_value('abcdefg').with_secret(true) - is_expected.to contain_keystone_domain_config('Default::ldap/suffix').with_value('dc=example,dc=com') - is_expected.to contain_keystone_domain_config('Default::ldap/query_scope').with_value('sub') - is_expected.to contain_keystone_domain_config('Default::ldap/page_size').with_value('50') + let(:pre_condition) do + <<-EOM + keystone_config {'identity/domain_specific_drivers_enabled': value => true} + keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} + file {'/etc/keystone/keystone.conf': ensure => present } + EOM + end + it 'should use the domain from the title' do + is_expected.to contain_keystone_domain_config('foobar::ldap/url').with_value('ldap://foo') + is_expected.to contain_keystone_domain_config('foobar::ldap/user').with_value('cn=foo,dc=example,dc=com') + end + end - # users - is_expected.to contain_keystone_domain_config('Default::ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com') - is_expected.to contain_keystone_domain_config('Default::ldap/user_filter').with_value('(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)') - is_expected.to contain_keystone_domain_config('Default::ldap/user_objectclass').with_value('inetUser') - 
is_expected.to contain_keystone_domain_config('Default::ldap/user_id_attribute').with_value('uid') - is_expected.to contain_keystone_domain_config('Default::ldap/user_name_attribute').with_value('cn') - is_expected.to contain_keystone_domain_config('Default::ldap/user_description_attribute').with_value('description') - is_expected.to contain_keystone_domain_config('Default::ldap/user_mail_attribute').with_value('mail') - is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_attribute').with_value('UserAccountControl') - is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_mask').with_value('2') - is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_default').with_value('512') - is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_invert').with_value('False') - is_expected.to contain_keystone_domain_config('Default::ldap/user_attribute_ignore').with_value('') - is_expected.to contain_keystone_domain_config('Default::ldap/user_default_project_id_attribute').with_value('defaultProject') - is_expected.to contain_keystone_domain_config('Default::ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com') - is_expected.to contain_keystone_domain_config('Default::ldap/user_pass_attribute').with_value('krbPassword') - is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_emulation').with_value('True') - is_expected.to contain_keystone_domain_config('Default::ldap/user_enabled_emulation_dn').with_value('cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com') - is_expected.to contain_keystone_domain_config('Default::ldap/user_additional_attribute_mapping').with_value('description:name, gecos:name') + context 'checks' do + let(:title) { 'domain' } + context 'Missing identity/domain_specific_drivers_enabled' do + let(:pre_condition) do + <<-EOM + keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} + file {'/etc/keystone/keystone.conf': 
ensure => present } + EOM + end - # groups - is_expected.to contain_keystone_domain_config('Default::ldap/group_tree_dn').with_value('ou=groups,ou=openstack,dc=example,dc=com') - is_expected.to contain_keystone_domain_config('Default::ldap/group_filter').with_value('cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com') - is_expected.to contain_keystone_domain_config('Default::ldap/group_objectclass').with_value('organizationalRole') - is_expected.to contain_keystone_domain_config('Default::ldap/group_id_attribute').with_value('cn') - is_expected.to contain_keystone_domain_config('Default::ldap/group_member_attribute').with_value('roleOccupant') - is_expected.to contain_keystone_domain_config('Default::ldap/group_members_are_ids').with_value('True') - is_expected.to contain_keystone_domain_config('Default::ldap/group_desc_attribute').with_value('description') - is_expected.to contain_keystone_domain_config('Default::ldap/group_name_attribute').with_value('cn') - is_expected.to contain_keystone_domain_config('Default::ldap/group_attribute_ignore').with_value('') - is_expected.to contain_keystone_domain_config('Default::ldap/group_additional_attribute_mapping').with_value('') - is_expected.to contain_keystone_domain_config('Default::ldap/group_ad_nesting').with_value('True') - - # referrals - is_expected.to contain_keystone_domain_config('Default::ldap/chase_referrals').with_value('False') - - # tls - is_expected.to contain_keystone_domain_config('Default::ldap/use_tls').with_value('False') - is_expected.to contain_keystone_domain_config('Default::ldap/tls_cacertdir').with_value('/etc/ssl/certs/') - is_expected.to contain_keystone_domain_config('Default::ldap/tls_cacertfile').with_value('/etc/ssl/certs/ca-certificates.crt') - is_expected.to contain_keystone_domain_config('Default::ldap/tls_req_cert').with_value('demand') - - # ldap pooling - is_expected.to contain_keystone_domain_config('Default::ldap/use_pool').with_value('True') - is_expected.to 
contain_keystone_domain_config('Default::ldap/pool_size').with_value('20') - is_expected.to contain_keystone_domain_config('Default::ldap/pool_retry_max').with_value('2') - is_expected.to contain_keystone_domain_config('Default::ldap/pool_retry_delay').with_value('0.2') - is_expected.to contain_keystone_domain_config('Default::ldap/pool_connection_timeout').with_value('222') - is_expected.to contain_keystone_domain_config('Default::ldap/pool_connection_lifetime').with_value('222') - is_expected.to contain_keystone_domain_config('Default::ldap/use_auth_pool').with_value('True') - is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_size').with_value('20') - is_expected.to contain_keystone_domain_config('Default::ldap/auth_pool_connection_lifetime').with_value('200') - - # drivers - is_expected.to contain_keystone_domain_config('Default::identity/driver').with_value('ldap') + it { should raise_error(Puppet::Error) } end - context 'with keystone domain creation enabled' do - before do - params.merge! 
({ - :create_domain_entry => true - }) - end - it 'creates the keystone domain and refreshes the service' do - is_expected.to contain_keystone_domain(title).with( - :ensure => 'present', - :enabled => true - ) + context 'Missing identity/domain_config_dir' do + let(:pre_condition) do + <<-EOM + keystone_config {'identity/domain_specific_drivers_enabled': value => true} + file {'/etc/keystone/keystone.conf': ensure => present } + EOM end + + it { should raise_error(Puppet::Error) } end end end - describe 'Using non Default domain' do - let(:title) { 'foobar' } - let :params do - { - :url => 'ldap://foo', - :user => 'cn=foo,dc=example,dc=com' - } - end - let(:pre_condition) do - <<-EOM - keystone_config {'identity/domain_specific_drivers_enabled': value => true} - keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} - file {'/etc/keystone/keystone.conf': ensure => present } - EOM - end - it 'should use the domain from the title' do - is_expected.to contain_keystone_domain_config('foobar::ldap/url').with_value('ldap://foo') - is_expected.to contain_keystone_domain_config('foobar::ldap/user').with_value('cn=foo,dc=example,dc=com') - end - end - - describe 'checks' do - let(:title) { 'domain' } - context 'Missing identity/domain_specific_drivers_enabled' do - let(:pre_condition) do - <<-EOM - keystone_config {'identity/domain_config_dir': value => '/etc/keystone/domains'} - file {'/etc/keystone/keystone.conf': ensure => present } - EOM + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) end - it { should raise_error(Puppet::Error) } - end - - context 'Missing identity/domain_config_dir' do - let(:pre_condition) do - <<-EOM - keystone_config {'identity/domain_specific_drivers_enabled': value => true} - file {'/etc/keystone/keystone.conf': ensure => present } - EOM + let (:platform_params) do + case facts[:osfamily] + when 
'Debian' + { :python_ldappool_package_name => 'python3-ldappool' } + when 'RedHat' + if facts[:operatingsystem] == 'Fedora' + { :python_ldappool_package_name => 'python3-ldappool' } + else + if facts[:operatingsystemmajrelease] > '7' + { :python_ldappool_package_name => 'python3-ldappool' } + else + { :python_ldappool_package_name => 'python-ldappool' } + end + end + end end - - it { should raise_error(Puppet::Error) } + it_behaves_like 'keystone::ldap_backend' end - end end
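Review bot: The 'should have basic params' example, re-indented here into the shared examples, asserts `Default::ldap/user_tree_dn` twice in the users section; the second expectation can be dropped. The new package expectation is also only exercised with the default `manage_packages`. An example with `:manage_packages => false` and `is_expected.not_to contain_package('python-ldappool')` would pin the `if $manage_packages` guard around the resource in manifests/ldap_backend.pp.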