keystone_auth: Require the password parameter
The keystone_auth parameters are required so that magnum can interact with the other OpenStack services. This change ensures the parameter is configured. Change-Id: I745298661d6fc2b6d3f92da0edc8c6430b29a7ee
This commit is contained in:
parent
41ade67ec3
commit
14a901dee0
@ -4,14 +4,13 @@
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*password*]
|
||||
# (Required) Password to create for the service user
|
||||
#
|
||||
# [*username*]
|
||||
# (Optional) The name of the service user
|
||||
# Defaults to 'magnum'
|
||||
#
|
||||
# [*password*]
|
||||
# (Required) Password to create for the service user
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_url*]
|
||||
# (Optional) The URL to use for authentication.
|
||||
# Defaults to 'http://localhost:5000'
|
||||
@ -55,8 +54,8 @@
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
class magnum::keystone::keystone_auth(
|
||||
$password,
|
||||
$username = 'magnum',
|
||||
$password = $::os_service_default,
|
||||
$auth_url = 'http://localhost:5000',
|
||||
$project_name = 'services',
|
||||
$user_domain_name = 'Default',
|
||||
@ -79,25 +78,18 @@ class magnum::keystone::keystone_auth(
|
||||
$project_domain_name_real = $::os_service_default
|
||||
}
|
||||
|
||||
# Only configure keystone_auth if user specifics a password; this keeps
|
||||
# backwards compatibility
|
||||
if !is_service_default($password) {
|
||||
magnum_config {
|
||||
'keystone_auth/auth_url' : value => $auth_url;
|
||||
'keystone_auth/username' : value => $username;
|
||||
'keystone_auth/password' : value => $password, secret => true;
|
||||
'keystone_auth/project_name' : value => $project_name_real;
|
||||
'keystone_auth/user_domain_name' : value => $user_domain_name;
|
||||
'keystone_auth/project_domain_name' : value => $project_domain_name_real;
|
||||
'keystone_auth/system_scope' : value => $system_scope;
|
||||
'keystone_auth/auth_type' : value => $auth_type;
|
||||
}
|
||||
}
|
||||
|
||||
magnum_config {
|
||||
'keystone_auth/cafile' : value => $cafile;
|
||||
'keystone_auth/keyfile' : value => $keyfile;
|
||||
'keystone_auth/certfile' : value => $certfile;
|
||||
'keystone_auth/insecure' : value => $insecure;
|
||||
'keystone_auth/auth_url' : value => $auth_url;
|
||||
'keystone_auth/username' : value => $username;
|
||||
'keystone_auth/password' : value => $password, secret => true;
|
||||
'keystone_auth/project_name' : value => $project_name_real;
|
||||
'keystone_auth/user_domain_name' : value => $user_domain_name;
|
||||
'keystone_auth/project_domain_name' : value => $project_domain_name_real;
|
||||
'keystone_auth/system_scope' : value => $system_scope;
|
||||
'keystone_auth/auth_type' : value => $auth_type;
|
||||
'keystone_auth/cafile' : value => $cafile;
|
||||
'keystone_auth/keyfile' : value => $keyfile;
|
||||
'keystone_auth/certfile' : value => $certfile;
|
||||
'keystone_auth/insecure' : value => $insecure;
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
The ``magnum::keystone::keystone_auth`` class now requires the ``password``
|
||||
parameter. Ensure the required auth parameters are set.
|
@ -3,28 +3,12 @@ require 'spec_helper'
|
||||
describe 'magnum::keystone::keystone_auth' do
|
||||
|
||||
let :params do
|
||||
{ }
|
||||
{ :password => 'magnum_password' }
|
||||
end
|
||||
|
||||
shared_examples_for 'magnum keystone_auth' do
|
||||
shared_examples_for 'magnum::keystone_auth' do
|
||||
|
||||
context 'with default parameters' do
|
||||
it 'configure keystone_auth' do
|
||||
is_expected.not_to contain_magnum_config('keystone_auth/username')
|
||||
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with password' do
|
||||
before do
|
||||
params.merge!({
|
||||
:password => 'magnum_password',
|
||||
})
|
||||
end
|
||||
|
||||
it 'configure keystone_auth' do
|
||||
is_expected.to contain_magnum_config('keystone_auth/username').with_value('magnum')
|
||||
is_expected.to contain_magnum_config('keystone_auth/password').with_value('magnum_password')
|
||||
@ -67,17 +51,16 @@ describe 'magnum::keystone::keystone_auth' do
|
||||
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name])
|
||||
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type])
|
||||
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('/path/to/ca.cert')
|
||||
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('/path/to/certfile')
|
||||
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('/path/to/key')
|
||||
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(false)
|
||||
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
|
||||
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])
|
||||
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value(params[:keyfile])
|
||||
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
|
||||
end
|
||||
end
|
||||
|
||||
context 'when system_scope is set' do
|
||||
before do
|
||||
params.merge!(
|
||||
:password => 'mypassword',
|
||||
:system_scope => 'all'
|
||||
)
|
||||
end
|
||||
@ -96,7 +79,7 @@ describe 'magnum::keystone::keystone_auth' do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
it_configures 'magnum keystone_auth'
|
||||
it_configures 'magnum::keystone_auth'
|
||||
end
|
||||
end
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user