This change adds the rspec-puppet-facts gem to the spec helper so that
we can centralize the management of the base operating systems that we
support. rspec-puppet-facts allows us to simplify our unit tests and
provides a more complete list of Operating Systems and their associated
facts for the unit tests. With this change we can now loop over and
test CentOS, Debian, Fedora, RedHat, and Ubuntu by simply providing a
list of supported os to rspec-puppet-facts.
Additionally this change includes a central object for managing our
supported os list for rspec-puppet-facts and providing our default facts
like os_service_default. This central object should replace the usage of
@default_facts within the unit tests for each module.
Change-Id: Ic5c9cbb1e1cae3b4e79a82f6e3fdbc87edda9142
Switch to $::os_service_default all params in logging and db.
Changes: logging.pp, db.pp and tests.
Related-bug: #1515273
Change-Id: Ib84dceafb032747adc1d8b6e56bd01e89aa802cb
Used for federation, this implement [1]
The remote-id parameter is missing from openstack client kilo release on
most distribution so this provider will work from liberty on.
The hardest part of the implementation is the support for the remote-id
and remote-id-file which are parameters which match the openstack cli.
First they are mutually exclusive. Second, a file full of remote-id is
passed to the remote-id-file. This file must be parsed to check if it's
in sync. If the current format change, ie one id by line, it will need
to be changed. Third the parsing of the shell output of the remote-id
is rather challenging before openstack cli 1.9.0[2]. This code handles
pre and post 1.9.0.
[1] http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#identity-provider-api
[2] https://bugs.launchpad.net/python-openstackclient/+bug/1478995
Change-Id: I4003d1a16d8ac3694f350c82b7b990f374a4a7b6
After the move to composite namevar a problem could occur if another
module was using indirection to find resource by name.
If the manifest didn't have any
keystone_user/keystone_tenant/keystone_user_role definition, then, the
'Default' domain would be appended to the name.
This patch, fix that by simplifying the rule for calculating the default
domain.
It now strictly follows what is described there https://review.openstack.org/#/c/219127/
Change-Id: Ic2efb51fe76d055307c8c27fa79015764417160b
Closes-Bug: #1517187
This remove the @@default_domain_id from the code. It is no longer
necessary to have a global class variable sharing this id. All is now
encapsulated inside the keystone_domain class.
The change come mainly from the new policy regarding default domain[1]
which simplifies the logic, and the code.
[1] https://etherpad.openstack.org/p/keystone_no_domain
Change-Id: I71ab37165db6b0fe8472e7dfc8abcf72e0caac4a
There are two sides on this patch, the user facing one, and the
developer's one.
It gives more flexibility for the interface used by the user for the
Keystone_tenant, Keystone_user and Keystone_user_roles resources. For
instance to specify a user and give the admin role, currently you have
to:
keystone_user { 'new_admin::admin_domain':
ensure => present,
enabled => true,
tenant => 'openstackv3::admin_domain',
email => 'test@example.tld',
password => 'a_big_secret',
}
keystone_user_role { 'new_admin::admin_domain@openstackv3::admin_domain':
ensure => present,
roles => ['admin'],
}
Now you can specify it like this:
keystone_user { 'new_admin':
ensure => present,
enabled => true,
domain => 'admin_domain',
tenant => 'openstackv3::admin_domain',
email => 'test@example.tld',
password => 'a_big_secret',
}
keystone_user_role { 'new_admin@openstackv3':
ensure => present,
user_domain => 'admin_domain',
project_domain => 'admin_domain',
roles => ['admin'],
}
For the developer this simplify the code. Puppet is using composite
namevar to make all the resources unique. So guessing what pattern is
used in the title is no longer required. For instance this :
keystone_tenant { 'project_one': ensure => present }
keystone_tenant { 'meaningless': name => 'project_one', domain => 'Default', ensure => present }
is detected as the same tenant by puppet.
The same is true for dependencies. This is working correctly:
keystone_tenant { 'meaningless': name => 'project_one', domain => 'domain_one', ensure => present }
file {'/tmp/needed': ensure => present, require => Keystone_tenant['project_one::domain_one'] }
In autorequire term in type definition, you just have to pass the fully
qualified name (with the domain suffix for user and tenant) of the
resource and puppet will do the matching, whatever the original title
is. See the examples in user and tenant in keystone_user_role type.
Change-Id: I4deb27dc6f71fb7a7ec6a9c72bd0e1412c2e9a30
Do not cache @default_domain_id in a class instance variable.
Instead, use a class variable @@default_domain_id. This is only
ever set explicitly by Keystone_domain if the default_domain_id
is changed. Use the class variable instead of a class instance
variable so that all classes in the process will use the same
value of @@default_domain_id. If this hasn't been set, use the
value from the keystone_file, otherwise, just use 'default'.
Closes-Bug: #1492846
Change-Id: I6ec70979f27ec8c1ad1d6704d3d4c352374a3973
If the given domain id is not available in the @domain_hash,
look it up in Keystone and add it to the hash. Do not assume
the @domain_hash can be populated once. It must take into
account domains that are created later.
This consolidates the various bits of code that reset the class
variables in the provider superclass into spec_helper.rb - we must
be consistent about resetting the variables to ensure the spec
tests return consistent results.
Closes-Bug: #1492843
Change-Id: Ic475ca7f33c49784a0e5f4a432220cbf8b3ce635
This patch is the initial modulesync run, it impacts:
* gitignore: just a sync between projects
* gemfile:
- update and allow to setup facter version and gem source
- split beaker gems with a dedicated group
- switch to rspec-puppet 2.2.0
* rakefile:
- use the new syntax for lint configuration
- add a acceptance target
* acceptance:
- sync nodesets
* spec: added rspec coverage report
Change-Id: Ibfd9b9bc31620a46cb3c7e438f023cab1cfcd31f
This patch aim to update our specs test in order to work with the
rspec-puppet release 2.0.0, in the mean time, we update rspec syntax in
order to be prepared for rspec 3.x move.
In details:
* Use shared_examples "a Puppet::Error" for puppet::error tests
* Convert 'should' keyword to 'is_expected.to' (prepare rspec 3.x)
* Fix spec tests for rspec-puppet 2.0.0
* Upgrade and pin rspec-puppet from 1.0.1 to 2.0.0
* Clean Gemfile (remove over-specificication of runtime deps of puppetlabs_spec_helper)
* Standardize gemfile (add json, webmock)
Change-Id: I35a39d4f3919d56c9448f0a0602cfe284ebc2e9c
Card: https://trello.com/c/eHXc1Ryd/4-investigate-the-necessary-change-to-be-rspec-puppet-2-0-0-compliant
This patch migrates the keystone_tenant provider to use the universal
openstack client instead of the keystone client. It uses the openstack
parent provider in openstacklib to handle multiple authenticating
methods. The keystone_tenant type uses the openstacklib openstack
utility to add a new auth parameter to the keystone_tenant type.
This patch also moves functionality for parsing keystone.conf for the
service token back to the keystone module from openstacklib. It creates
three tiers of inheritance: Keystone_tenant < Keystone < Openstack, so
that keystone-specific functionality can stay in keystone.
It also adds a flush method which should help improve performance.
blueprint use-openstackclient-in-module-resources
Change-Id: I2d9a16f334d1e60ebdd36805e2f8d8d2ef82cf39
Serving keystone from a wsgi container is recommended for production
setups. SSL is enabled by default.
See the following URLs for explanations:
http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/https://etherpad.openstack.org/havana-keystone-performance
Documentation in manifests/wsgi/apache.pp
Apache can be configured as a drop in replacement for keystone (using
ports 5000 & 35357) or with paths using the standard SSL port. See
examples in examples/apache_*.pp
- Also change some 'real_' prefix into '_real' suffix to respect the
coding guide.
- Added the '--insecure' option to keystone client in the provider to
allow using self-signed certificates.
- Fixed parsing the ssl/enable value in the provider.
There is no integer verification done in the manifests
and to get around a bug in rspec, which has been fixed
in https://github.com/rodjek/rspec-puppet/pull/107,
certain parameters that should be integer are treated as
strings
files/httpd/keystone.py updated with lastest from keystone git repo
Change-Id: Ide8c090d105c1ea75a14939f5e8ddb7d24ca3f1c
Previously, the error message for the keystone native types
when the environment was not correctly configured was a
stacktrace.
This commit updates the code to throw useful error messages
when this occurrs.
