Allow cluster user trusts to be configured

By default, cluster user trusts are disabled however they are needed if you want to have fully automated LBaaS integration. This patch allows a user to enable or disable that option easily, leaving it to the service default by default for security. Change-Id: If6828e344855a06a650ec4c3fffbf89c5177eca8
2017-07-28 13:22:07 -04:00 · 2017-07-28 13:22:07 -04:00 · 0f8b9f024e
commit 0f8b9f024e
parent bc08223503
3 changed files with 11 additions and 0 deletions
--- a/manifests/keystone/domain.pp
+++ b/manifests/keystone/domain.pp
@ -4,6 +4,9 @@
 #
 # === Parameters
 #
+# [*cluster_user_trust*]
+#   enable creation of a user trust for clusters.  Defaults to $::os_service_default.
+#
 # [*domain_name*]
 #   magnum domain name. Defaults to 'magnum'.
 #
@ -31,6 +34,7 @@
 #   Defaults to 'true'.
 #
 class magnum::keystone::domain (
+  $cluster_user_trust = $::os_service_default,
  $domain_name        = 'magnum',
  $domain_admin       = 'magnum_admin',
  $domain_admin_email = 'magnum_admin@localhost',
@ -69,6 +73,7 @@ class magnum::keystone::domain (
  }

  magnum_config {
+    'trust/cluster_user_trust':            value => $cluster_user_trust;
    'trust/trustee_domain_name':           value => $domain_name;
    'trust/trustee_domain_admin_name':     value => $domain_admin;
    'trust/trustee_domain_admin_password': value => $domain_password, secret => true;
--- a/releasenotes/notes/allow-enable-cluster-user-trust-49bc0abdc8504532.yaml
+++ b/releasenotes/notes/allow-enable-cluster-user-trust-49bc0abdc8504532.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - Added configuration option to allow configuring a user trust for clusters
+    which can be accessed at magnum::keystone::domain::cluster_user_trust
--- a/spec/classes/magnum_keystone_domain_spec.rb
+++ b/spec/classes/magnum_keystone_domain_spec.rb
@ -3,6 +3,7 @@ require 'spec_helper'
 describe 'magnum::keystone::domain' do

  let :params do {
+    :cluster_user_trust => true,
    :domain_name        => 'magnum',
    :domain_admin       => 'magnum_admin',
    :domain_admin_email => 'magnum_admin@localhost',
@ -12,6 +13,7 @@ describe 'magnum::keystone::domain' do

  shared_examples_for 'magnum keystone domain' do
    it 'configure magnum.conf' do
+      is_expected.to contain_magnum_config('trust/cluster_user_trust').with_value(params[:cluster_user_trust])
      is_expected.to contain_magnum_config('trust/trustee_domain_admin_name').with_value(params[:domain_admin])
      is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_value(params[:domain_password])
      is_expected.to contain_magnum_config('trust/trustee_domain_admin_password').with_secret(true)