Add ensure parameter to service identity resource

The service identity resource has ensure parameter that defaults to 'present'. The new parameter will allow removing resources that were created with the service identity resource without having to write custom manifests. Change-Id: I51b75baa84058779ca2c00f3ac2657c42831e51d Closes-Bug: #1603394
2016-07-15 07:35:00 -04:00 · 2016-07-15 07:35:00 -04:00 · f79ffef355
commit f79ffef355
parent ade1aadb37
3 changed files with 55 additions and 6 deletions
--- a/manifests/resource/service_identity.pp
+++ b/manifests/resource/service_identity.pp
@ -21,6 +21,10 @@
 #
 # == Parameters:
 #
+# [*ensure*]
+#   Ensure parameter for the types used in resource.
+#   string; optional: default to 'present'
+#
 # [*password*]
 #   Password to create for the service user;
 #   string; required
@ -104,6 +108,7 @@
 #   Defaults to undef
 #
 define keystone::resource::service_identity(
+  $ensure                = 'present',
  $admin_url             = false,
  $internal_url          = false,
  $password              = false,
@ -128,6 +133,8 @@ define keystone::resource::service_identity(

  include ::keystone::deps

+  validate_re($ensure, ['^present$', '^absent$'], 'Valid values for ensure parameter are present or absent')
+
  if $service_name == undef {
    $service_name_real = $auth_name
  } else {
@ -146,12 +153,12 @@ define keystone::resource::service_identity(
      # no way to know if the $user_domain is the same domain passed as the
      # $default_domain parameter to class keystone.
      ensure_resource('keystone_domain', $user_domain_real, {
-        'ensure'  => 'present',
+        'ensure'  => $ensure,
        'enabled' => true,
      })
    }
    ensure_resource('keystone_user', $auth_name, {
-      'ensure'                => 'present',
+      'ensure'                => $ensure,
      'enabled'               => true,
      'password'              => $password,
      'email'                 => $email,
@ -164,7 +171,7 @@ define keystone::resource::service_identity(

  if $configure_user_role {
    ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
-      'ensure' => 'present',
+      'ensure' => $ensure,
      'roles'  => $roles,
    })
  }
@ -172,7 +179,7 @@ define keystone::resource::service_identity(
  if $configure_service {
    if $service_type {
      ensure_resource('keystone_service', "${service_name_real}::${service_type}", {
-        'ensure'      => 'present',
+        'ensure'      => $ensure,
        'description' => $service_description,
      })
    } else {
@ -184,7 +191,7 @@ define keystone::resource::service_identity(
    if $service_type {
      if $public_url and $admin_url and $internal_url {
        ensure_resource('keystone_endpoint', "${region}/${service_name_real}::${service_type}", {
-          'ensure'       => 'present',
+          'ensure'       => $ensure,
          'public_url'   => $public_url,
          'admin_url'    => $admin_url,
          'internal_url' => $internal_url,
@ -195,7 +202,7 @@ define keystone::resource::service_identity(
    } else {
      if $public_url and $admin_url and $internal_url {
        ensure_resource('keystone_endpoint', "${region}/${service_name_real}", {
-          'ensure'       => 'present',
+          'ensure'       => $ensure,
          'public_url'   => $public_url,
          'admin_url'    => $admin_url,
          'internal_url' => $internal_url,
--- a/releasenotes/notes/ensure_parameter_service_identity_resource-610076e4902c23ec.yaml
+++ b/releasenotes/notes/ensure_parameter_service_identity_resource-610076e4902c23ec.yaml
@ -0,0 +1,3 @@
+---
+features:
+  - Ensure parameter was added to service identity resource to allow control of keystone types within resource.
--- a/spec/defines/keystone_resource_service_identity_spec.rb
+++ b/spec/defines/keystone_resource_service_identity_spec.rb
@ -61,6 +61,45 @@ describe 'keystone::resource::service_identity' do
      )}
    end

+    context 'with ensure set to absent' do
+      let :params do
+        required_params.merge(:ensure => 'absent')
+      end
+
+      it { is_expected.to contain_keystone_user(title).with(
+        :ensure   => 'absent',
+        :password => 'secrete',
+        :email    => 'neutron@localhost',
+      )}
+
+      it { is_expected.to contain_keystone_user_role("#{title}@services").with(
+        :ensure => 'absent',
+        :roles  => ['admin'],
+      )}
+
+      it { is_expected.to contain_keystone_service("#{title}::network").with(
+        :ensure      => 'absent',
+        :description => 'neutron service',
+      )}
+
+      it { is_expected.to contain_keystone_endpoint("RegionOne/#{title}::network").with(
+        :ensure       => 'absent',
+        :public_url   => 'http://7.7.7.7:9696',
+        :internal_url => 'http://10.0.0.1:9696',
+        :admin_url    => 'http://192.168.0.1:9696',
+        :region       => 'RegionOne',
+      )}
+
+    end
+
+    context 'with bad ensure parameter value' do
+      let :params do
+        required_params.merge(:ensure => 'badvalue')
+      end
+
+      it { is_expected.to raise_error Puppet::Error, /Valid values for ensure parameter are present or absent/ }
+    end
+
    context 'when explicitly setting an region' do
      let :params do
        required_params.merge(