ace7aeb3b7
The legacy admin and public ports for Keystone has since the release of the v3 API not been required as keystone moved all actions to the same API. [1] This patch removes the deployment of port 35357 and remodels puppet-keystone and more specifically the keystone::wsgi::apache class to only deploy keystone on port 5000. This has already been changed in the installation guides [2] and is the recommend way to deploy keystone. We have already prepared all our modules default values to use port 5000 instead of 35357 a while ago and we also in the Rocky release informed our users with a release note that this would be performed [3] [1] https://github.com/openstack/keystone/blob/master/keystone/server/wsgi.py [2] https://docs.openstack.org/keystone/rocky/install/keystone-install-obs.html [3] https://review.openstack.org/#/c/586791/ Closes-Bug: 1804426 Depends-On: https://review.openstack.org/#/c/627793/ Change-Id: I726cd9408d20f868b2b5337ef2df4da458904e51
107 lines
3.4 KiB
Ruby
107 lines
3.4 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe 'keystone::federation::mellon' do
|
|
|
|
let(:pre_condition) do
|
|
<<-EOS
|
|
include apache
|
|
|
|
class { 'keystone::wsgi::apache': }
|
|
EOS
|
|
end
|
|
|
|
let :params do
|
|
{ :methods => 'password, token, saml2',
|
|
:idp_name => 'myidp',
|
|
:protocol_name => 'saml2',
|
|
:template_order => 331,
|
|
}
|
|
end
|
|
|
|
context 'with invalid params' do
|
|
before do
|
|
params.merge!({:methods => 'external, password, token, oauth1'})
|
|
it_raises 'a Puppet::Error', /The external method should be dropped to avoid any interference with some Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even as an empty value./
|
|
end
|
|
|
|
before do
|
|
params.merge!({:methods => 'password, token, oauth1'})
|
|
it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./
|
|
end
|
|
|
|
before do
|
|
params.merge!({:template_port => 330})
|
|
it_raises 'a Puppet::Error', /The template order should be greater than 330 and less than 999./
|
|
end
|
|
|
|
before do
|
|
params.merge!({:template_port => 999})
|
|
it_raises 'a Puppet::Error', /The template order should be greater than 330 and less than 999./
|
|
end
|
|
end
|
|
|
|
shared_examples 'Federation Mellon' do
|
|
context 'with only required parameters' do
|
|
it 'should have basic params for mellon in Keystone configuration' do
|
|
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
|
|
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
|
|
end
|
|
|
|
it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({
|
|
# This need to change if priority is changed in keystone::wsgi::apache
|
|
:target => "10-keystone_wsgi.conf",
|
|
:order => params[:template_order],
|
|
})}
|
|
end
|
|
|
|
context 'with websso enabled' do
|
|
before do
|
|
params.merge!({
|
|
:enable_websso => true,
|
|
:trusted_dashboards => [
|
|
'http://acme.horizon.com/auth/websso/',
|
|
'http://beta.horizon.com/auth/websso/',
|
|
],
|
|
})
|
|
end
|
|
|
|
it 'should have basic params for mellon in Keystone configuration' do
|
|
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
|
|
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
|
|
end
|
|
|
|
it 'should have parameters for websso in Keystone configuration' do
|
|
is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_value('MELLON_IDP')
|
|
is_expected.to contain_keystone_config('federation/trusted_dashboard').with_value('http://acme.horizon.com/auth/websso/,http://beta.horizon.com/auth/websso/')
|
|
end
|
|
|
|
it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({
|
|
:target => "10-keystone_wsgi.conf",
|
|
:order => params[:template_order],
|
|
})}
|
|
end
|
|
end
|
|
|
|
on_supported_os({
|
|
:supported_os => OSDefaults.get_supported_os
|
|
}).each do |os,facts|
|
|
context "on #{os}" do
|
|
let (:facts) do
|
|
facts.merge(OSDefaults.get_facts({
|
|
:concat_basedir => '/var/lib/puppet/concat'
|
|
}))
|
|
end
|
|
|
|
it_behaves_like 'Federation Mellon'
|
|
|
|
case [:osfamily]
|
|
when 'Debian'
|
|
it { is_expected.to contain_package('libapache2-mod-auth-mellon') }
|
|
when 'RedHat'
|
|
it { is_expected.to contain_package('mod_auth_mellon') }
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|