openstack
/
puppet-keystone
Code Issues Proposed changes

Convert all class usage to relative names 

Change-Id: Ia631adf31be1eeadb7ab0f12b75f1eaed73d5fbf
This commit is contained in:
Tobias Urdin 2019-12-08 23:09:22 +01:00
parent d8ab01080b
commit fa11274b2f
43 changed files with 110 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
examples/apache_dropin.pp
View File

@ -20,29 +20,29 @@
Exec { logoutput => 'on_failure' } Exec { logoutput => 'on_failure' }
class { '::mysql::server': } class { 'mysql::server': }
class { '::keystone::db::mysql': class { 'keystone::db::mysql':
password => 'keystone', password => 'keystone',
} }
class { '::keystone': class { 'keystone':
debug => true, debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone', database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
catalog_type => 'sql', catalog_type => 'sql',
admin_token => 'admin_token', admin_token => 'admin_token',
enabled => false, enabled => false,
} }
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@puppetlabs.com', email => 'test@puppetlabs.com',
password => 'ChangeMe', password => 'ChangeMe',
} }
class { '::keystone::endpoint': class { 'keystone::endpoint':
public_url => "https://${::fqdn}:5000/", public_url => "https://${::fqdn}:5000/",
admin_url => "https://${::fqdn}:5000/", admin_url => "https://${::fqdn}:5000/",
} }
keystone_config { 'ssl/enable': value => true } keystone_config { 'ssl/enable': value => true }
include ::apache include apache
class { '::keystone::wsgi::apache': class { 'keystone::wsgi::apache':
ssl => true ssl => true
} }

16
examples/apache_with_paths.pp
View File

@ -20,31 +20,31 @@
Exec { logoutput => 'on_failure' } Exec { logoutput => 'on_failure' }
class { '::mysql::server': } class { 'mysql::server': }
class { '::keystone::db::mysql': class { 'keystone::db::mysql':
password => 'keystone', password => 'keystone',
} }
class { '::keystone': class { 'keystone':
debug => true, debug => true,
database_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone', database_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone',
catalog_type => 'sql', catalog_type => 'sql',
admin_token => 'admin_token', admin_token => 'admin_token',
enabled => true, enabled => true,
} }
class { '::keystone::cron::token_flush': } class { 'keystone::cron::token_flush': }
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@puppetlabs.com', email => 'test@puppetlabs.com',
password => 'ChangeMe', password => 'ChangeMe',
} }
class { '::keystone::endpoint': class { 'keystone::endpoint':
public_url => "https://${::fqdn}:443/main/", public_url => "https://${::fqdn}:443/main/",
admin_url => "https://${::fqdn}:443/admin/", admin_url => "https://${::fqdn}:443/admin/",
} }
keystone_config { 'ssl/enable': ensure => absent } keystone_config { 'ssl/enable': ensure => absent }
include ::apache include apache
class { '::keystone::wsgi::apache': class { 'keystone::wsgi::apache':
ssl => true, ssl => true,
public_port => 443, public_port => 443,
admin_port => 443, admin_port => 443,

16
examples/k2k_sp_shib.pp
View File

@ -36,12 +36,12 @@ yumrepo { 'shibboleth':
Yumrepo['shibboleth'] -> Class['::keystone::federation::shibboleth'] Yumrepo['shibboleth'] -> Class['::keystone::federation::shibboleth']
# Yumrepo end # Yumrepo end
class { '::mysql::server': } class { 'mysql::server': }
class { '::keystone::db::mysql': class { 'keystone::db::mysql':
password => 'keystone', password => 'keystone',
} }
class { '::keystone': class { 'keystone':
debug => true, debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone', database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
catalog_type => 'sql', catalog_type => 'sql',
@ -49,23 +49,23 @@ class { '::keystone':
enabled => false, enabled => false,
} }
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@puppetlabs.com', email => 'test@puppetlabs.com',
password => 'ChangeMe', password => 'ChangeMe',
} }
class { '::keystone::endpoint': class { 'keystone::endpoint':
public_url => "https://${::fqdn}:5000/", public_url => "https://${::fqdn}:5000/",
admin_url => "https://${::fqdn}:5000/", admin_url => "https://${::fqdn}:5000/",
} }
keystone_config { 'ssl/enable': value => true } keystone_config { 'ssl/enable': value => true }
include ::apache include apache
class { '::keystone::wsgi::apache': class { 'keystone::wsgi::apache':
ssl => true ssl => true
} }
class { '::keystone::federation::shibboleth': class { 'keystone::federation::shibboleth':
methods => 'password, token, oauth1, saml2', methods => 'password, token, oauth1, saml2',
} }

4
examples/ldap_backend.pp
View File

@ -1,4 +1,4 @@
class { '::keystone': class { 'keystone':
debug => true, debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone', database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'admin_token', admin_token => 'admin_token',
@ -9,7 +9,7 @@ class { '::keystone':
# Ensure this matches what is in LDAP or keystone will try to recreate # Ensure this matches what is in LDAP or keystone will try to recreate
# the admin user # the admin user
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@example.com', email => 'test@example.com',
password => 'ChangeMe', password => 'ChangeMe',
admin_user_domain => 'domain_1', admin_user_domain => 'domain_1',

4
examples/ldap_full.pp
View File

@ -3,7 +3,7 @@
# Ensure this matches what is in LDAP or keystone will try to recreate # Ensure this matches what is in LDAP or keystone will try to recreate
# the admin user # the admin user
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@example.com', email => 'test@example.com',
password => 'ChangeMe', password => 'ChangeMe',
} }
@ -15,7 +15,7 @@ class { '::keystone::roles::admin':
# ldapsearch -v -x -H 'ldap://example.com:389' -D \ # ldapsearch -v -x -H 'ldap://example.com:389' -D \
# "uid=bind,cn=users,cn=accounts,dc=example,dc=com" -w SecretPass \ # "uid=bind,cn=users,cn=accounts,dc=example,dc=com" -w SecretPass \
# -b cn=users,cn=accounts,dc=example,dc=com # -b cn=users,cn=accounts,dc=example,dc=com
class { '::keystone:ldap': class { 'keystone:ldap':
url => 'ldap://ldap.example.com:389', url => 'ldap://ldap.example.com:389',
user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com', user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
password => 'SecretPass', password => 'SecretPass',

4
examples/ldap_identity.pp
View File

@ -3,7 +3,7 @@
# Ensure this matches what is in LDAP or keystone will try to recreate # Ensure this matches what is in LDAP or keystone will try to recreate
# the admin user # the admin user
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@example.com', email => 'test@example.com',
password => 'ChangeMe', password => 'ChangeMe',
} }
@ -11,7 +11,7 @@ class { '::keystone::roles::admin':
# You can test this connection with ldapsearch first to ensure it works. # You can test this connection with ldapsearch first to ensure it works.
# This was tested against a FreeIPA box, you will likely need to change the # This was tested against a FreeIPA box, you will likely need to change the
# attributes to match your configuration. # attributes to match your configuration.
class { '::keystone:ldap': class { 'keystone:ldap':
identity_driver => 'ldap', identity_driver => 'ldap',
url => 'ldap://ldap.example.com:389', url => 'ldap://ldap.example.com:389',
user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com', user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',

10
examples/v3_basic.pp
View File

@ -22,17 +22,17 @@
Exec { logoutput => 'on_failure' } Exec { logoutput => 'on_failure' }
class { '::mysql::server': } class { 'mysql::server': }
class { '::keystone::db::mysql': class { 'keystone::db::mysql':
password => 'keystone', password => 'keystone',
} }
class { '::keystone': class { 'keystone':
debug => true, debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone', database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'admin_token', admin_token => 'admin_token',
enabled => true, enabled => true,
} }
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@example.tld', email => 'test@example.tld',
password => 'a_big_secret', password => 'a_big_secret',
admin => 'admin', # username admin => 'admin', # username
@ -40,7 +40,7 @@ class { '::keystone::roles::admin':
admin_user_domain => 'admin', # domain for user admin_user_domain => 'admin', # domain for user
admin_tenant_domain => 'admin', # domain for project admin_tenant_domain => 'admin', # domain for project
} }
class { '::keystone::endpoint': class { 'keystone::endpoint':
public_url => 'http://127.0.0.1:5000/', public_url => 'http://127.0.0.1:5000/',
admin_url => 'http://127.0.0.1:5000/', admin_url => 'http://127.0.0.1:5000/',
} }

10
examples/v3_domain_configuration.pp
View File

@ -5,11 +5,11 @@
Exec { logoutput => 'on_failure' } Exec { logoutput => 'on_failure' }
class { '::mysql::server': } class { 'mysql::server': }
class { '::keystone::db::mysql': class { 'keystone::db::mysql':
password => 'keystone', password => 'keystone',
} }
class { '::keystone': class { 'keystone':
debug => true, debug => true,
database_connection => 'mysql://keystone:keystone@192.168.1.1/keystone', database_connection => 'mysql://keystone:keystone@192.168.1.1/keystone',
admin_token => 'admin_token', admin_token => 'admin_token',
@ -17,11 +17,11 @@ class { '::keystone':
# The domain configuration setup at keystone level # The domain configuration setup at keystone level
using_domain_config => true, using_domain_config => true,
} }
class { '::keystone::roles::admin': class { 'keystone::roles::admin':
email => 'test@example.tld', email => 'test@example.tld',
password => 'a_big_secret', password => 'a_big_secret',
} }
class { '::keystone::endpoint': class { 'keystone::endpoint':
public_url => 'http://192.168.1.1:5000/', public_url => 'http://192.168.1.1:5000/',
admin_url => 'http://192.168.1.1:5000/', admin_url => 'http://192.168.1.1:5000/',
} }

2
manifests/client.pp
View File

@ -17,7 +17,7 @@ class keystone::client (
$ensure = 'present' $ensure = 'present'
) inherits keystone::params { ) inherits keystone::params {
include ::keystone::deps include keystone::deps
package { 'python-keystoneclient': package { 'python-keystoneclient':
ensure => $ensure, ensure => $ensure,

2
manifests/config.pp
View File

@ -24,7 +24,7 @@ class keystone::config (
$keystone_config = {}, $keystone_config = {},
) { ) {
include ::keystone::deps include keystone::deps
validate_legacy(Hash, 'validate_hash', $keystone_config) validate_legacy(Hash, 'validate_hash', $keystone_config)

2
manifests/cors.pp
View File

@ -45,7 +45,7 @@ class keystone::cors (
$allow_headers = $::os_service_default, $allow_headers = $::os_service_default,
) { ) {
include ::keystone::deps include keystone::deps
oslo::cors { 'keystone_config': oslo::cors { 'keystone_config':
allowed_origin => $allowed_origin, allowed_origin => $allowed_origin,

2
manifests/cron/fernet_rotate.pp
View File

@ -58,7 +58,7 @@ class keystone::cron::fernet_rotate (
$user = 'keystone', $user = 'keystone',
) { ) {
include ::keystone::deps include keystone::deps
if $maxdelay == 0 { if $maxdelay == 0 {
$sleep = '' $sleep = ''

2
manifests/cron/token_flush.pp
View File

@ -65,7 +65,7 @@ class keystone::cron::token_flush (
$user = 'keystone', $user = 'keystone',
) { ) {
include ::keystone::deps include keystone::deps
if $maxdelay == 0 { if $maxdelay == 0 {
$sleep = '' $sleep = ''

2
manifests/db.pp
View File

@ -62,7 +62,7 @@ class keystone::db (
$database_idle_timeout = undef, $database_idle_timeout = undef,
) { ) {
include ::keystone::deps include keystone::deps
if $database_idle_timeout { if $database_idle_timeout {
warning('The database_idle_timeout parameter is deprecated. Please use \ warning('The database_idle_timeout parameter is deprecated. Please use \

2
manifests/db/mysql.pp
View File

@ -43,7 +43,7 @@ class keystone::db::mysql(
$allowed_hosts = undef $allowed_hosts = undef
) { ) {
include ::keystone::deps include keystone::deps
validate_legacy(String, 'validate_string', $password) validate_legacy(String, 'validate_string', $password)

2
manifests/db/postgresql.pp
View File

@ -42,7 +42,7 @@ class keystone::db::postgresql(
$privileges = 'ALL', $privileges = 'ALL',
) { ) {
include ::keystone::deps include keystone::deps
::openstacklib::db::postgresql { 'keystone': ::openstacklib::db::postgresql { 'keystone':
password_hash => postgresql_password($user, $password), password_hash => postgresql_password($user, $password),

2
manifests/db/sync.pp
View File

@ -19,7 +19,7 @@ class keystone::db::sync(
$keystone_user = $::keystone::params::keystone_user, $keystone_user = $::keystone::params::keystone_user,
) inherits keystone::params { ) inherits keystone::params {
include ::keystone::deps include keystone::deps
exec { 'keystone-manage db_sync': exec { 'keystone-manage db_sync':
command => "keystone-manage ${extra_params} db_sync", command => "keystone-manage ${extra_params} db_sync",

2
manifests/endpoint.pp
View File

@ -62,7 +62,7 @@ class keystone::endpoint (
$version = '', $version = '',
) { ) {
include ::keystone::deps include keystone::deps
if $version == 'unset' { if $version == 'unset' {
warning('keystone::endpoint::version parameter is deprecated and will be removed in a future release.') warning('keystone::endpoint::version parameter is deprecated and will be removed in a future release.')

2
manifests/federation.pp
View File

@ -17,7 +17,7 @@ class keystone::federation (
$trusted_dashboards = undef, $trusted_dashboards = undef,
$remote_id_attribute = undef, $remote_id_attribute = undef,
) { ) {
include ::keystone::deps include keystone::deps
keystone_config { keystone_config {
'federation/trusted_dashboard': value => any2array($trusted_dashboards); 'federation/trusted_dashboard': value => any2array($trusted_dashboards);

4
manifests/federation/identity_provider.pp
View File

@ -97,8 +97,8 @@ class keystone::federation::identity_provider(
$package_ensure = present, $package_ensure = present,
) { ) {
include ::keystone::deps include keystone::deps
include ::keystone::params include keystone::params
if $::keystone::service_name != 'httpd' { if $::keystone::service_name != 'httpd' {
fail ('Keystone need to be running under Apache for Federation work.') fail ('Keystone need to be running under Apache for Federation work.')

6
manifests/federation/mellon.pp
View File

@ -70,9 +70,9 @@ class keystone::federation::mellon (
$main_port = undef, $main_port = undef,
) { ) {
include ::apache include apache
include ::keystone::deps include keystone::deps
include ::keystone::params include keystone::params
if ($trusted_dashboards) { if ($trusted_dashboards) {
warning("keystone::federation::mellon::trusted_dashboards is deprecated \ warning("keystone::federation::mellon::trusted_dashboards is deprecated \

6
manifests/federation/openidc.pp
View File

@ -120,9 +120,9 @@ class keystone::federation::openidc (
$package_ensure = present, $package_ensure = present,
) { ) {
include ::apache include apache
include ::keystone::deps include keystone::deps
include ::keystone::params include keystone::params
if $openidc_enable_oauth and !$openidc_introspection_endpoint { if $openidc_enable_oauth and !$openidc_introspection_endpoint {
fail('You must set openidc_introspection_endpoint when enabling oauth support') fail('You must set openidc_introspection_endpoint when enabling oauth support')

6
manifests/federation/shibboleth.pp
View File

@ -65,8 +65,8 @@ class keystone::federation::shibboleth(
$main_port = undef, $main_port = undef,
) { ) {
include ::apache include apache
include ::keystone::deps include keystone::deps
if $admin_port or $main_port { if $admin_port or $main_port {
warning('keystone::federation::shibboleth::admin_port and main_port are deprecated and have no effect') warning('keystone::federation::shibboleth::admin_port and main_port are deprecated and have no effect')
@ -101,7 +101,7 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
path => '/usr/lib64/shibboleth/mod_shib_24.so' path => '/usr/lib64/shibboleth/mod_shib_24.so'
} }
} else { } else {
class { '::apache::mod::shib': } class { 'apache::mod::shib': }
} }
concat::fragment { 'configure_shibboleth_keystone': concat::fragment { 'configure_shibboleth_keystone':

18
manifests/init.pp
View File

@ -700,9 +700,9 @@ class keystone(
$validate_cacert = undef, $validate_cacert = undef,
) inherits keystone::params { ) inherits keystone::params {
include ::keystone::deps include keystone::deps
include ::keystone::logging include keystone::logging
include ::keystone::policy include keystone::policy
if $cache_dir { if $cache_dir {
warning('keystone::cache_dir is deprecated, has no effect and will be removed in a later release') warning('keystone::cache_dir is deprecated, has no effect and will be removed in a later release')
@ -793,8 +793,8 @@ admin_token will be removed in a later release")
ensure_resource('policy_rcd', $policy_services, { ensure => present, 'set_code' => '101' }) ensure_resource('policy_rcd', $policy_services, { ensure => present, 'set_code' => '101' })
} }
include ::keystone::db include keystone::db
include ::keystone::params include keystone::params
package { 'keystone': package { 'keystone':
ensure => $package_ensure, ensure => $package_ensure,
@ -804,7 +804,7 @@ admin_token will be removed in a later release")
if $client_package_ensure == 'present' { if $client_package_ensure == 'present' {
include '::keystone::client' include '::keystone::client'
} else { } else {
class { '::keystone::client': class { 'keystone::client':
ensure => $client_package_ensure, ensure => $client_package_ensure,
} }
} }
@ -961,7 +961,7 @@ admin_token will be removed in a later release")
$::keystone::params::service_name, 'keystone-public-keystone-admin' : { $::keystone::params::service_name, 'keystone-public-keystone-admin' : {
$service_name_real = $::keystone::params::service_name $service_name_real = $::keystone::params::service_name
class { '::keystone::service': class { 'keystone::service':
ensure => $service_ensure, ensure => $service_ensure,
service_name => $service_name, service_name => $service_name,
enable => $enabled, enable => $enabled,
@ -975,7 +975,7 @@ Support for deploying under eventlet will be dropped as of the M-release of Open
} }
} }
'httpd': { 'httpd': {
include ::apache::params include apache::params
$service_name_real = $::apache::params::service_name $service_name_real = $::apache::params::service_name
} }
default: { default: {
@ -985,7 +985,7 @@ running as a standalone service, or httpd for being run by a httpd server")
} }
if $sync_db { if $sync_db {
include ::keystone::db::sync include keystone::db::sync
} }
# Fernet tokens support # Fernet tokens support

2
manifests/ldap.pp
View File

@ -447,7 +447,7 @@ class keystone::ldap(
$manage_packages = true, $manage_packages = true,
) { ) {
include ::keystone::deps include keystone::deps
if $manage_packages { if $manage_packages {
ensure_resource('package', 'python-ldappool', { ensure => $package_ensure, ensure_resource('package', 'python-ldappool', { ensure => $package_ensure,

2
manifests/ldap_backend.pp
View File

@ -486,7 +486,7 @@ define keystone::ldap_backend(
$group_allow_delete = undef, $group_allow_delete = undef,
) { ) {
include ::keystone::deps include keystone::deps
$domain_enabled = getparam(Keystone_config['identity/domain_specific_drivers_enabled'], 'value') $domain_enabled = getparam(Keystone_config['identity/domain_specific_drivers_enabled'], 'value')
$domain_dir_enabled = getparam(Keystone_config['identity/domain_config_dir'], 'value') $domain_dir_enabled = getparam(Keystone_config['identity/domain_config_dir'], 'value')

2
manifests/logging.pp
View File

@ -134,7 +134,7 @@ class keystone::logging(
$watch_log_file = $::os_service_default, $watch_log_file = $::os_service_default,
) { ) {
include ::keystone::deps include keystone::deps
oslo::log { 'keystone_config': oslo::log { 'keystone_config':
debug => $debug, debug => $debug,

2
manifests/messaging/amqp.pp
View File

@ -47,7 +47,7 @@ class keystone::messaging::amqp(
$amqp_sasl_mechanisms = $::os_service_default, $amqp_sasl_mechanisms = $::os_service_default,
) { ) {
include ::keystone::deps include keystone::deps
oslo::messaging::amqp { 'keystone_config': oslo::messaging::amqp { 'keystone_config':
pre_settled => $amqp_pre_settled, pre_settled => $amqp_pre_settled,

2
manifests/params.pp
View File

@ -2,7 +2,7 @@
# This class contains the platform differences for keystone # This class contains the platform differences for keystone
# #
class keystone::params { class keystone::params {
include ::openstacklib::defaults include openstacklib::defaults
$pyvers = $::openstacklib::defaults::pyvers $pyvers = $::openstacklib::defaults::pyvers
$client_package_name = "python${pyvers}-keystoneclient" $client_package_name = "python${pyvers}-keystoneclient"

4
manifests/policy.pp
View File

@ -28,8 +28,8 @@ class keystone::policy (
$policy_path = '/etc/keystone/policy.json', $policy_path = '/etc/keystone/policy.json',
) { ) {
include ::keystone::deps include keystone::deps
include ::keystone::params include keystone::params
validate_legacy(Hash, 'validate_hash', $policies) validate_legacy(Hash, 'validate_hash', $policies)

4
manifests/resource/authtoken.pp
View File

@ -278,8 +278,8 @@ define keystone::resource::authtoken(
$hash_algorithms = undef, $hash_algorithms = undef,
) { ) {
include ::keystone::params include keystone::params
include ::keystone::deps include keystone::deps
if $check_revocations_for_cached { if $check_revocations_for_cached {
warning('keystone::resource::authtoken::check_revocations_for_cached is deprecated and will be removed') warning('keystone::resource::authtoken::check_revocations_for_cached is deprecated and will be removed')

2
manifests/resource/service_identity.pp
View File

@ -131,7 +131,7 @@ define keystone::resource::service_identity(
$default_domain = undef, $default_domain = undef,
) { ) {
include ::keystone::deps include keystone::deps
validate_legacy(Enum['present', 'absent'], 'validate_re', $ensure, validate_legacy(Enum['present', 'absent'], 'validate_re', $ensure,
[['^present$', '^absent$'], 'Valid values for ensure parameter are present or absent']) [['^present$', '^absent$'], 'Valid values for ensure parameter are present or absent'])

4
manifests/resource/service_user.pp
View File

@ -84,8 +84,8 @@ define keystone::resource::service_user(
$region_name = $::os_service_default, $region_name = $::os_service_default,
) { ) {
include ::keystone::params include keystone::params
include ::keystone::deps include keystone::deps
$service_user_options = { $service_user_options = {
'service_user/auth_type' => {'value' => $auth_type}, 'service_user/auth_type' => {'value' => $auth_type},

2
manifests/roles/admin.pp
View File

@ -95,7 +95,7 @@ class keystone::roles::admin(
$target_admin_domain = undef, $target_admin_domain = undef,
) { ) {
include ::keystone::deps include keystone::deps
if $password != $keystone::admin_password_real { if $password != $keystone::admin_password_real {
warning('the main class is setting the admin password differently from this\ warning('the main class is setting the admin password differently from this\

2
manifests/security_compliance.pp
View File

@ -68,7 +68,7 @@ class keystone::security_compliance(
$unique_last_password_count = $::os_service_default, $unique_last_password_count = $::os_service_default,
) { ) {
include ::keystone::deps include keystone::deps
keystone_config { keystone_config {
'security_compliance/change_password_upon_first_use': value => $change_password_upon_first_use; 'security_compliance/change_password_upon_first_use': value => $change_password_upon_first_use;

2
manifests/service.pp
View File

@ -77,7 +77,7 @@ class keystone::service (
$cacert = undef, $cacert = undef,
) inherits keystone::params { ) inherits keystone::params {
include ::keystone::deps include keystone::deps
if $service_name == 'keystone-public-keystone-admin' { if $service_name == 'keystone-public-keystone-admin' {
service { 'keystone-public': service { 'keystone-public':

2
manifests/wsgi/apache.pp
View File

@ -165,7 +165,7 @@ class keystone::wsgi::apache (
$custom_wsgi_process_options = {}, $custom_wsgi_process_options = {},
) inherits ::keystone::params { ) inherits ::keystone::params {
include ::keystone::deps include keystone::deps
# TODO(tobias-urdin): This dependency chaining can be moved to keystone::deps # TODO(tobias-urdin): This dependency chaining can be moved to keystone::deps
# when we have cleaned up some old eventlet code and users are forced to use # when we have cleaned up some old eventlet code and users are forced to use

10
spec/acceptance/default_domain_spec.rb
View File

@ -3,7 +3,7 @@ require 'spec_helper_acceptance'
describe 'basic keystone server with changed domain id' do describe 'basic keystone server with changed domain id' do
after(:context) do after(:context) do
clean_up_manifest = <<-EOM clean_up_manifest = <<-EOM
include ::openstack_integration::keystone include openstack_integration::keystone
keystone_config { 'identity/default_domain_id': ensure => absent} keystone_config { 'identity/default_domain_id': ensure => absent}
EOM EOM
@ -13,11 +13,11 @@ describe 'basic keystone server with changed domain id' do
context 'new domain id' do context 'new domain id' do
let(:pp) do let(:pp) do
<<-EOM <<-EOM
include ::openstack_integration include openstack_integration
include ::openstack_integration::repos include openstack_integration::repos
include ::openstack_integration::mysql include openstack_integration::mysql
class { '::openstack_integration::keystone': class { 'openstack_integration::keystone':
default_domain => 'my_default_domain', default_domain => 'my_default_domain',
} }

10
spec/acceptance/keystone_federation_identity_provider_spec.rb
View File

@ -6,10 +6,10 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
it 'should work with no errors' do it 'should work with no errors' do
pp= <<-EOS pp= <<-EOS
include ::openstack_integration include openstack_integration
include ::openstack_integration::repos include openstack_integration::repos
include ::openstack_integration::mysql include openstack_integration::mysql
include ::openstack_integration::keystone include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci': ::keystone::resource::service_identity { 'beaker-ci':
service_type => 'beaker', service_type => 'beaker',
@ -66,7 +66,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
user_domain => 'service_domain', user_domain => 'service_domain',
project_domain => 'service_domain', project_domain => 'service_domain',
} }
class { '::keystone::federation::identity_provider': class { 'keystone::federation::identity_provider':
idp_entity_id => 'http://127.0.0.1:5000/v3/OS-FEDERATION/saml2/idp', idp_entity_id => 'http://127.0.0.1:5000/v3/OS-FEDERATION/saml2/idp',
idp_sso_endpoint => 'http://127.0.0.1:5000/v3/OS-FEDERATION/saml2/sso', idp_sso_endpoint => 'http://127.0.0.1:5000/v3/OS-FEDERATION/saml2/sso',
idp_metadata_path => '/etc/keystone/saml2_idp_metadata.xml', idp_metadata_path => '/etc/keystone/saml2_idp_metadata.xml',

10
spec/acceptance/keystone_federation_shibboleth_spec.rb
View File

@ -6,10 +6,10 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
it 'should work with no errors' do it 'should work with no errors' do
pp= <<-EOS pp= <<-EOS
include ::openstack_integration include openstack_integration
include ::openstack_integration::repos include openstack_integration::repos
include ::openstack_integration::mysql include openstack_integration::mysql
include ::openstack_integration::keystone include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci': ::keystone::resource::service_identity { 'beaker-ci':
service_type => 'beaker', service_type => 'beaker',
@ -66,7 +66,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
user_domain => 'service_domain', user_domain => 'service_domain',
project_domain => 'service_domain', project_domain => 'service_domain',
} }
class { '::keystone::federation::shibboleth': class { 'keystone::federation::shibboleth':
methods => 'password, token, oauth1, saml2', methods => 'password, token, oauth1, saml2',
} }
EOS EOS

10
spec/acceptance/keystone_wsgi_apache_spec.rb
View File

@ -6,10 +6,10 @@ describe 'keystone server running with Apache/WSGI with resources' do
it 'should work with no errors' do it 'should work with no errors' do
pp= <<-EOS pp= <<-EOS
include ::openstack_integration include openstack_integration
include ::openstack_integration::repos include openstack_integration::repos
include ::openstack_integration::mysql include openstack_integration::mysql
include ::openstack_integration::keystone include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci': ::keystone::resource::service_identity { 'beaker-ci':
service_type => 'beaker', service_type => 'beaker',
@ -318,7 +318,7 @@ EOC
context 'manifest' do context 'manifest' do
let(:pp) do let(:pp) do
<<-EOM <<-EOM
class { '::openstack_integration::keystone': class { 'openstack_integration::keystone':
default_domain => 'default_domain', default_domain => 'default_domain',
using_domain_config => true, using_domain_config => true,
} }

6
spec/classes/keystone_init_spec.rb
View File

@ -245,7 +245,7 @@ describe 'keystone' do
end end
let :pre_condition do let :pre_condition do
'include ::keystone::wsgi::apache' 'include keystone::wsgi::apache'
end end
it_configures 'core keystone examples', httpd_params it_configures 'core keystone examples', httpd_params
@ -267,7 +267,7 @@ describe 'keystone' do
end end
let :pre_condition do let :pre_condition do
'include ::keystone::wsgi::apache' 'include keystone::wsgi::apache'
end end
it_configures 'core keystone examples', httpd_params it_configures 'core keystone examples', httpd_params
@ -961,7 +961,7 @@ describe 'keystone' do
end end
describe 'with default domain and wsgi service is managed and enabled' do describe 'with default domain and wsgi service is managed and enabled' do
let :pre_condition do let :pre_condition do
'include ::apache' 'include apache'
end end
let :params do let :params do
default_params.merge({ default_params.merge({

2
spec/classes/keystone_wsgi_apache_spec.rb
View File

@ -3,7 +3,7 @@ require 'spec_helper'
describe 'keystone::wsgi::apache' do describe 'keystone::wsgi::apache' do
let :pre_condition do let :pre_condition do
"class { '::keystone': "class { 'keystone':
admin_token => 'dummy', admin_token => 'dummy',
service_name => 'httpd', service_name => 'httpd',
enable_ssl => true, enable_ssl => true,