openstack/puppet-keystone
Code Issues Proposed changes
Files
7fe0d49b65ac67c4ad123271bb64908fcb49fbeb
puppet-keystone/spec/classes/keystone_bootstrap_spec.rb
Takashi Kajinami e13958ad9e Refactor api service management 
Drop validation of service name which is not implemented for
the other daemons. This allows us to simplify handling of the provided
service name.

Also remove the "dead" support for standalone keystone service in
CentOS/RHEL because the service is no longer available in these
operating systems.

Change-Id: I4aacfc55e43bc15a1e9f821353633d651dc29dfa
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-09-28 01:33:14 +09:00

413 lines
14 KiB
Ruby
Raw Blame History

require 'spec_helper'
describe 'keystone::bootstrap' do
shared_examples 'keystone::bootstrap' do
context 'with required parameters' do
let :params do
{
:password => 'secret'
}
end
it { is_expected.to contain_class('keystone::deps') }
it { is_expected.to contain_exec('keystone bootstrap').with(
:command => 'keystone-manage bootstrap',
:environment => [
"OS_BOOTSTRAP_USERNAME=admin",
"OS_BOOTSTRAP_PASSWORD=secret",
"OS_BOOTSTRAP_PROJECT_NAME=admin",
"OS_BOOTSTRAP_ROLE_NAME=admin",
"OS_BOOTSTRAP_SERVICE_NAME=keystone",
"OS_BOOTSTRAP_PUBLIC_URL=http://127.0.0.1:5000",
"OS_BOOTSTRAP_REGION_ID=RegionOne",
"OS_BOOTSTRAP_ADMIN_URL=http://127.0.0.1:5000",
"OS_BOOTSTRAP_INTERNAL_URL=http://127.0.0.1:5000",
],
:user => platform_params[:user],
:path => '/usr/bin',
:refreshonly => true,
:subscribe => 'Anchor[keystone::dbsync::end]',
:notify => 'Anchor[keystone::service::begin]',
:tag => 'keystone-bootstrap',
)}
it { is_expected.to contain_keystone_role('admin').with_ensure('present') }
it { is_expected.to contain_keystone_role('manager').with_ensure('present') }
it { is_expected.to contain_keystone_role('member').with_ensure('present') }
it { is_expected.to contain_keystone_role('reader').with_ensure('present') }
it { is_expected.to contain_keystone_role('service').with_ensure('present') }
it { is_expected.to contain_keystone_implied_role('admin@manager').with_ensure('present') }
it { is_expected.to contain_keystone_implied_role('manager@member').with_ensure('present') }
it { is_expected.to contain_keystone_implied_role('member@reader').with_ensure('present') }
it { is_expected.to contain_keystone_user('admin').with(
:ensure => 'present',
:enabled => true,
:email => 'admin@localhost',
:password => 'secret',
)}
it { is_expected.to contain_keystone_tenant('services').with(
:ensure => 'present',
:enabled => true,
)}
it { is_expected.to contain_keystone_tenant('admin').with(
:ensure => 'present',
:enabled => true,
)}
it { is_expected.to contain_keystone_user_role('admin@admin').with(
:ensure => 'present',
:roles => ['admin'],
)}
it { is_expected.to contain_keystone_user_role('admin@::::all').with(
:ensure => 'present',
:roles => ['admin'],
)}
it { is_expected.to contain_keystone_service('keystone::identity').with(
:ensure => 'present',
:description => 'OpenStack Identity Service'
) }
it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity').with(
:ensure => 'present',
:public_url => 'http://127.0.0.1:5000',
:admin_url => 'http://127.0.0.1:5000',
:internal_url => 'http://127.0.0.1:5000',
)}
it { is_expected.to contain_file('/etc/openstack').with(
:ensure => 'directory',
:mode => '0755',
:owner => 'root',
:group => 'root',
)}
it { is_expected.to contain_file('/etc/openstack/puppet').with(
:ensure => 'directory',
:mode => '0755',
:owner => 'root',
:group => 'root',
)}
it { is_expected.to contain_openstacklib__clouds('/etc/openstack/puppet/admin-clouds.yaml').with(
:username => 'admin',
:password => 'secret',
:auth_url => 'http://127.0.0.1:5000',
:project_name => 'admin',
:system_scope => 'all',
:region_name => 'RegionOne',
:interface => 'public',
)}
end
context 'with specified parameters' do
let :params do
{
:password => 'secret',
:username => 'user',
:email => 'some@email',
:project_name => 'adminproj',
:service_project_name => 'serviceproj',
:role_name => 'adminrole',
:service_name => 'servicename',
:service_description => 'Alternative OpenStack Identity Service',
:admin_url => 'http://admin:1234',
:public_url => 'http://public:4321',
:internal_url => 'http://internal:1342',
:region => 'RegionTwo',
:interface => 'admin'
}
end
it { is_expected.to contain_class('keystone::deps') }
it { is_expected.to contain_exec('keystone bootstrap').with(
:command => 'keystone-manage bootstrap',
:environment => [
"OS_BOOTSTRAP_USERNAME=user",
"OS_BOOTSTRAP_PASSWORD=secret",
"OS_BOOTSTRAP_PROJECT_NAME=adminproj",
"OS_BOOTSTRAP_ROLE_NAME=adminrole",
"OS_BOOTSTRAP_SERVICE_NAME=servicename",
"OS_BOOTSTRAP_PUBLIC_URL=http://public:4321",
"OS_BOOTSTRAP_REGION_ID=RegionTwo",
"OS_BOOTSTRAP_ADMIN_URL=http://admin:1234",
"OS_BOOTSTRAP_INTERNAL_URL=http://internal:1342",
],
:user => platform_params[:user],
:path => '/usr/bin',
:refreshonly => true,
:subscribe => 'Anchor[keystone::dbsync::end]',
:notify => 'Anchor[keystone::service::begin]',
:tag => 'keystone-bootstrap',
)}
it { is_expected.to contain_keystone_role('adminrole').with_ensure('present') }
it { is_expected.to contain_keystone_role('manager').with_ensure('present') }
it { is_expected.to contain_keystone_role('member').with_ensure('present') }
it { is_expected.to contain_keystone_role('reader').with_ensure('present') }
it { is_expected.to contain_keystone_role('service').with_ensure('present') }
it { is_expected.to contain_keystone_implied_role('adminrole@manager').with_ensure('present') }
it { is_expected.to contain_keystone_implied_role('manager@member').with_ensure('present') }
it { is_expected.to contain_keystone_implied_role('member@reader').with_ensure('present') }
it { is_expected.to contain_keystone_user('user').with(
:ensure => 'present',
:enabled => true,
:email => 'some@email',
:password => 'secret',
)}
it { is_expected.to contain_keystone_tenant('serviceproj').with(
:ensure => 'present',
:enabled => true,
)}
it { is_expected.to contain_keystone_tenant('adminproj').with(
:ensure => 'present',
:enabled => true,
)}
it { is_expected.to contain_keystone_user_role('user@adminproj').with(
:ensure => 'present',
:roles => ['adminrole'],
)}
it { is_expected.to contain_keystone_user_role('user@::::all').with(
:ensure => 'present',
:roles => ['adminrole'],
)}
it { is_expected.to contain_keystone_service('servicename::identity').with(
:ensure => 'present',
:description => 'Alternative OpenStack Identity Service'
) }
it { is_expected.to contain_keystone_endpoint('RegionTwo/servicename::identity').with(
:ensure => 'present',
:public_url => 'http://public:4321',
:admin_url => 'http://admin:1234',
:internal_url => 'http://internal:1342',
)}
it { is_expected.to contain_file('/etc/openstack').with(
:ensure => 'directory',
:mode => '0755',
:owner => 'root',
:group => 'root',
)}
it { is_expected.to contain_file('/etc/openstack/puppet').with(
:ensure => 'directory',
:mode => '0755',
:owner => 'root',
:group => 'root',
)}
it { is_expected.to contain_openstacklib__clouds('/etc/openstack/puppet/admin-clouds.yaml').with(
:username => 'user',
:password => 'secret',
:auth_url => 'http://admin:1234',
:project_name => 'adminproj',
:region_name => 'RegionTwo',
:system_scope => 'all',
:interface => 'admin',
)}
end
context 'with bootstrap disabled' do
let :params do
{
:bootstrap => false,
:password => 'secret'
}
end
it { is_expected.to contain_class('keystone::deps') }
it { is_expected.to_not contain_exec('keystone bootstrap') }
it { is_expected.to contain_keystone_role('admin') }
it { is_expected.to contain_keystone_user('admin') }
it { is_expected.to contain_keystone_tenant('services') }
it { is_expected.to contain_keystone_tenant('admin') }
it { is_expected.to contain_keystone_user_role('admin@admin') }
it { is_expected.to contain_keystone_service('keystone::identity') }
it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity') }
it { is_expected.to contain_file('/etc/openstack').with(
:ensure => 'directory',
:mode => '0755',
:owner => 'root',
:group => 'root',
)}
it { is_expected.to contain_file('/etc/openstack/puppet').with(
:ensure => 'directory',
:mode => '0755',
:owner => 'root',
:group => 'root',
)}
it { is_expected.to contain_openstacklib__clouds('/etc/openstack/puppet/admin-clouds.yaml').with(
:username => 'admin',
:password => 'secret',
:auth_url => 'http://127.0.0.1:5000',
:project_name => 'admin',
:system_scope => 'all',
:region_name => 'RegionOne',
:interface => 'public',
)}
end
context 'when setting keystone_user param in keystone' do
let :params do
{
:password => 'secret'
}
end
let :pre_condition do
<<-EOS
class { 'keystone':
keystone_user => 'some',
service_name => 'httpd',
}
include apache
include keystone::wsgi::apache
EOS
end
it { is_expected.to contain_exec('keystone bootstrap').with_user('some') }
end
context 'with bootstrap enabled and manage_resource to false' do
let :params do
{
:bootstrap => false,
:manage_resources => false,
:password => 'secret'
}
end
it { is_expected.to contain_class('keystone::deps') }
it { is_expected.to_not contain_exec('keystone bootstrap') }
it { is_expected.to_not contain_keystone_role('admin') }
it { is_expected.to_not contain_keystone_user('admin') }
it { is_expected.to_not contain_keystone_tenant('services') }
it { is_expected.to_not contain_keystone_tenant('admin') }
it { is_expected.to_not contain_keystone_user_role('admin@admin') }
it { is_expected.to_not contain_keystone_service('keystone::identity') }
it { is_expected.to_not contain_keystone_endpoint('RegionOne/keystone::identity') }
end
context 'when setting interface to internal' do
let :params do
{
:password => 'secret',
:internal_url => 'http://internal:1234',
:interface => 'internal',
}
end
it { is_expected.to contain_openstacklib__clouds('/etc/openstack/puppet/admin-clouds.yaml').with(
:auth_url => 'http://internal:1234',
:interface => 'internal',
)}
end
context 'when admin endpoint is omitted' do
let :params do
{
:password => 'secret',
:admin_url => '',
}
end
it { is_expected.to contain_exec('keystone bootstrap').with(
:command => 'keystone-manage bootstrap',
:environment => [
"OS_BOOTSTRAP_USERNAME=admin",
"OS_BOOTSTRAP_PASSWORD=secret",
"OS_BOOTSTRAP_PROJECT_NAME=admin",
"OS_BOOTSTRAP_ROLE_NAME=admin",
"OS_BOOTSTRAP_SERVICE_NAME=keystone",
"OS_BOOTSTRAP_PUBLIC_URL=http://127.0.0.1:5000",
"OS_BOOTSTRAP_REGION_ID=RegionOne",
"OS_BOOTSTRAP_INTERNAL_URL=http://127.0.0.1:5000",
],
:user => platform_params[:user],
:path => '/usr/bin',
:refreshonly => true,
:subscribe => 'Anchor[keystone::dbsync::end]',
:notify => 'Anchor[keystone::service::begin]',
:tag => 'keystone-bootstrap',
)}
it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity').with(
:ensure => 'present',
:public_url => 'http://127.0.0.1:5000',
:internal_url => 'http://127.0.0.1:5000',
)}
end
context 'when internal endpoint is omitted' do
let :params do
{
:password => 'secret',
:internal_url => '',
}
end
it { is_expected.to contain_exec('keystone bootstrap').with(
:command => 'keystone-manage bootstrap',
:environment => [
"OS_BOOTSTRAP_USERNAME=admin",
"OS_BOOTSTRAP_PASSWORD=secret",
"OS_BOOTSTRAP_PROJECT_NAME=admin",
"OS_BOOTSTRAP_ROLE_NAME=admin",
"OS_BOOTSTRAP_SERVICE_NAME=keystone",
"OS_BOOTSTRAP_PUBLIC_URL=http://127.0.0.1:5000",
"OS_BOOTSTRAP_REGION_ID=RegionOne",
"OS_BOOTSTRAP_ADMIN_URL=http://127.0.0.1:5000",
],
:user => platform_params[:user],
:path => '/usr/bin',
:refreshonly => true,
:subscribe => 'Anchor[keystone::dbsync::end]',
:notify => 'Anchor[keystone::service::begin]',
:tag => 'keystone-bootstrap',
)}
it { is_expected.to contain_keystone_endpoint('RegionOne/keystone::identity').with(
:ensure => 'present',
:public_url => 'http://127.0.0.1:5000',
:admin_url => 'http://127.0.0.1:5000',
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let(:facts) do
facts.merge!(OSDefaults.get_facts())
end
let(:platform_params) do
{ :user => 'keystone' }
end
it_behaves_like 'keystone::bootstrap'
end
end
end
View Git Blame Copy Permalink