Allow cluster user trusts to be configured

By default, cluster user trusts are disabled however they are
needed if you want to have fully automated LBaaS integration.

This patch allows a user to enable or disable that option easily,
leaving it to the service default by default for security.

Change-Id: If6828e344855a06a650ec4c3fffbf89c5177eca8
This commit is contained in:
Mohammed Naser 2017-07-28 13:22:07 -04:00
parent bc08223503
commit 0f8b9f024e
No known key found for this signature in database
GPG Key ID: 481CBC90384AEC42
3 changed files with 11 additions and 0 deletions

View File

@ -4,6 +4,9 @@
# #
# === Parameters # === Parameters
# #
# [*cluster_user_trust*]
# enable creation of a user trust for clusters. Defaults to $::os_service_default.
#
# [*domain_name*] # [*domain_name*]
# magnum domain name. Defaults to 'magnum'. # magnum domain name. Defaults to 'magnum'.
# #
@ -31,6 +34,7 @@
# Defaults to 'true'. # Defaults to 'true'.
# #
class magnum::keystone::domain ( class magnum::keystone::domain (
$cluster_user_trust = $::os_service_default,
$domain_name = 'magnum', $domain_name = 'magnum',
$domain_admin = 'magnum_admin', $domain_admin = 'magnum_admin',
$domain_admin_email = 'magnum_admin@localhost', $domain_admin_email = 'magnum_admin@localhost',
@ -69,6 +73,7 @@ class magnum::keystone::domain (
} }
magnum_config { magnum_config {
'trust/cluster_user_trust': value => $cluster_user_trust;
'trust/trustee_domain_name': value => $domain_name; 'trust/trustee_domain_name': value => $domain_name;
'trust/trustee_domain_admin_name': value => $domain_admin; 'trust/trustee_domain_admin_name': value => $domain_admin;
'trust/trustee_domain_admin_password': value => $domain_password, secret => true; 'trust/trustee_domain_admin_password': value => $domain_password, secret => true;

View File

@ -0,0 +1,4 @@
---
features:
- Added configuration option to allow configuring a user trust for clusters
which can be accessed at magnum::keystone::domain::cluster_user_trust

View File

@ -3,6 +3,7 @@ require 'spec_helper'
describe 'magnum::keystone::domain' do describe 'magnum::keystone::domain' do
let :params do { let :params do {
:cluster_user_trust => true,
:domain_name => 'magnum', :domain_name => 'magnum',
:domain_admin => 'magnum_admin', :domain_admin => 'magnum_admin',
:domain_admin_email => 'magnum_admin@localhost', :domain_admin_email => 'magnum_admin@localhost',
@ -12,6 +13,7 @@ describe 'magnum::keystone::domain' do
shared_examples_for 'magnum keystone domain' do shared_examples_for 'magnum keystone domain' do
it 'configure magnum.conf' do it 'configure magnum.conf' do
is_expected.to contain_magnum_config('trust/cluster_user_trust').with_value(params[:cluster_user_trust])
is_expected.to contain_magnum_config('trust/trustee_domain_admin_name').with_value(params[:domain_admin]) is_expected.to contain_magnum_config('trust/trustee_domain_admin_name').with_value(params[:domain_admin])
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_value(params[:domain_password]) is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_value(params[:domain_password])
is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_secret(true) is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_secret(true)