openstack/puppet-magnum
Code Issues Proposed changes

Merge "keystone_auth: Support ssl parameters"

Browse Source
This commit is contained in:
Zuul 2022-04-05 15:16:30 +00:00 committed by Gerrit Code Review
commit 41ade67ec3
5 changed files with 55 additions and 20 deletions

6
manifests/keystone/authtoken.pp

@ -275,10 +275,4 @@ class magnum::keystone::authtoken(
service_type => $service_type, service_type => $service_type,
interface => $interface, interface => $interface,
} }
magnum_config {
'keystone_auth/cafile' : value => $cafile;
'keystone_auth/keyfile' : value => $keyfile;
'keystone_auth/certfile' : value => $certfile;
'keystone_auth/insecure' : value => $insecure;
}
} }

29
manifests/keystone/keystone_auth.pp

@ -36,6 +36,24 @@
# (Optional) Authentication type to load # (Optional) Authentication type to load
# Defaults to 'password' # Defaults to 'password'
# #
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $::os_service_default.
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
#
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities.
# Defaults to $::os_service_default
#
class magnum::keystone::keystone_auth( class magnum::keystone::keystone_auth(
$username = 'magnum', $username = 'magnum',
$password = $::os_service_default, $password = $::os_service_default,
@ -45,6 +63,10 @@ class magnum::keystone::keystone_auth(
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default, $system_scope = $::os_service_default,
$auth_type = 'password', $auth_type = 'password',
$cafile = $::os_service_default,
$keyfile = $::os_service_default,
$certfile = $::os_service_default,
$insecure = $::os_service_default,
) { ) {
include magnum::deps include magnum::deps
@ -71,4 +93,11 @@ class magnum::keystone::keystone_auth(
'keystone_auth/auth_type' : value => $auth_type; 'keystone_auth/auth_type' : value => $auth_type;
} }
} }
magnum_config {
'keystone_auth/cafile' : value => $cafile;
'keystone_auth/keyfile' : value => $keyfile;
'keystone_auth/certfile' : value => $certfile;
'keystone_auth/insecure' : value => $insecure;
}
} }

10
releasenotes/notes/keystone_auth-ssl-opts-cf0803fbac010e56.yaml Normal file

@ -0,0 +1,10 @@
---
features:
- |
The ``magnum::keystone::keystone_auth`` class now supports the following
parameters.
- ``cafile``
- ``certfile``
- ``keyfile``
- ``insecure``

14
spec/classes/magnum_keystone_authtoken_spec.rb

@ -52,13 +52,6 @@ describe 'magnum::keystone::authtoken' do
:service_type => '<SERVICE DEFAULT>', :service_type => '<SERVICE DEFAULT>',
:interface => '<SERVICE DEFAULT>', :interface => '<SERVICE DEFAULT>',
)} )}
it {
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
}
end end
context 'when overriding parameters' do context 'when overriding parameters' do
@ -141,13 +134,6 @@ describe 'magnum::keystone::authtoken' do
:service_token_roles_required => params[:service_token_roles_required], :service_token_roles_required => params[:service_token_roles_required],
:interface => params[:interface], :interface => params[:interface],
)} )}
it {
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(params[:insecure])
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value(params[:cafile])
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value(params[:certfile])
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value(params[:keyfile])
}
end end
end end

16
spec/classes/magnum_keystone_keystone_auth_spec.rb

@ -11,6 +11,10 @@ describe 'magnum::keystone::keystone_auth' do
context 'with default parameters' do context 'with default parameters' do
it 'configure keystone_auth' do it 'configure keystone_auth' do
is_expected.not_to contain_magnum_config('keystone_auth/username') is_expected.not_to contain_magnum_config('keystone_auth/username')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
end end
end end
@ -30,6 +34,10 @@ describe 'magnum::keystone::keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value('Default') is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value('Default')
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>') is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value('password') is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value('password')
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value('<SERVICE DEFAULT>')
end end
end end
@ -43,6 +51,10 @@ describe 'magnum::keystone::keystone_auth' do
:user_domain_name => 'domainX', :user_domain_name => 'domainX',
:project_domain_name => 'domainX', :project_domain_name => 'domainX',
:auth_type => 'v3password', :auth_type => 'v3password',
:cafile => '/path/to/ca.cert',
:certfile => '/path/to/certfile',
:keyfile => '/path/to/key',
:insecure => false,
}) })
end end
@ -55,6 +67,10 @@ describe 'magnum::keystone::keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name]) is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>') is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type]) is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type])
is_expected.to contain_magnum_config('keystone_auth/cafile').with_value('/path/to/ca.cert')
is_expected.to contain_magnum_config('keystone_auth/certfile').with_value('/path/to/certfile')
is_expected.to contain_magnum_config('keystone_auth/keyfile').with_value('/path/to/key')
is_expected.to contain_magnum_config('keystone_auth/insecure').with_value(false)
end end
end end