openstack/puppet-magnum
Code Issues Proposed changes

Merge "keystone_auth: Support ssl parameters"

Browse Source
This commit is contained in:
Zuul 2022-04-05 15:16:30 +00:00 committed by Gerrit Code Review
commit 41ade67ec3
5 changed files with 55 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
manifests/keystone/authtoken.pp
View File

@ -275,10 +275,4 @@ class magnum::keystone::authtoken(
service_type => $service_type,
interface => $interface,
}
magnum_config {
'keystone_auth/cafile' : value => $cafile;
'keystone_auth/keyfile' : value => $keyfile;
'keystone_auth/certfile' : value => $certfile;
'keystone_auth/insecure' : value => $insecure;
}
}

29
manifests/keystone/keystone_auth.pp
View File

@ -36,6 +36,24 @@
# (Optional) Authentication type to load
# Defaults to 'password'
#
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $::os_service_default.
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
#
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities.
# Defaults to $::os_service_default
#
class magnum::keystone::keystone_auth(
$username = 'magnum',
$password = $::os_service_default,
@ -45,6 +63,10 @@ class magnum::keystone::keystone_auth(
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$auth_type = 'password',
$cafile = $::os_service_default,
$keyfile = $::os_service_default,
$certfile = $::os_service_default,
$insecure = $::os_service_default,
) {
include magnum::deps
@ -71,4 +93,11 @@ class magnum::keystone::keystone_auth(
'keystone_auth/auth_type' : value => $auth_type;
}
}
magnum_config {
'keystone_auth/cafile' : value => $cafile;
'keystone_auth/keyfile' : value => $keyfile;
'keystone_auth/certfile' : value => $certfile;
'keystone_auth/insecure' : value => $insecure;
}
}

10
releasenotes/notes/keystone_auth-ssl-opts-cf0803fbac010e56.yaml Normal file
View File

@ -0,0 +1,10 @@
---
features:
- |
The ``magnum::keystone::keystone_auth`` class now supports the following
parameters.
- ``cafile``
- ``certfile``
- ``keyfile``
- ``insecure``

14
spec/classes/magnum_keystone_authtoken_spec.rb
View File

@ -52,13 +52,6 @@ describe 'magnum::keystone::authtoken' do
:service_type => '<SERVICE DEFAULT>',
:interface => '<SERVICE DEFAULT>',
)}
it {
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
}
end
context 'when overriding parameters' do
@ -141,13 +134,6 @@ describe 'magnum::keystone::authtoken' do
:service_token_roles_required => params[:service_token_roles_required],
:interface => params[:interface],
)}
it {
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value(params[:keyfile])
}
end
end

16
spec/classes/magnum_keystone_keystone_auth_spec.rb
View File

@ -11,6 +11,10 @@ describe 'magnum::keystone::keystone_auth' do
context 'with default parameters' do
it 'configure keystone_auth' do
is_expected.not_to contain_magnum_config('keystone_auth/username')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
end
end
@ -30,6 +34,10 @@ describe 'magnum::keystone::keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value('Default')
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value('password')
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
end
end
@ -43,6 +51,10 @@ describe 'magnum::keystone::keystone_auth' do
:user_domain_name => 'domainX',
:project_domain_name => 'domainX',
:auth_type => 'v3password',
:cafile => '/path/to/ca.cert',
:certfile => '/path/to/certfile',
:keyfile => '/path/to/key',
:insecure => false,
})
end
@ -55,6 +67,10 @@ describe 'magnum::keystone::keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type])
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('/path/to/ca.cert')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('/path/to/certfile')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('/path/to/key')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(false)
end
end