openstack/puppet-magnum
Code Issues Proposed changes

Merge "Globally support system scope credentials"

Browse Source
This commit is contained in:
Zuul 2022-03-11 11:32:32 +00:00 committed by Gerrit Code Review
commit 60f4f5a857
3 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
manifests/keystone/keystone_auth.pp
View File

@ -28,6 +28,10 @@
# (Optional) Name of domain for $project_name
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defauls to $::os_service_default
#
# [*auth_type*]
# (Optional) Authentication type to load
# Defaults to 'password'
@ -39,11 +43,20 @@ class magnum::keystone::keystone_auth(
$project_name = 'services',
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$auth_type = 'password',
) {
include magnum::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
# Only configure keystone_auth if user specifics a password; this keeps
# backwards compatibility
if !is_service_default($password) {
@ -51,9 +64,10 @@ class magnum::keystone::keystone_auth(
'keystone_auth/auth_url' : value => $auth_url;
'keystone_auth/username' : value => $username;
'keystone_auth/password' : value => $password, secret => true;
'keystone_auth/project_name' : value => $project_name;
'keystone_auth/project_domain_name' : value => $project_domain_name;
'keystone_auth/project_name' : value => $project_name_real;
'keystone_auth/user_domain_name' : value => $user_domain_name;
'keystone_auth/project_domain_name' : value => $project_domain_name_real;
'keystone_auth/system_scope' : value => $system_scope;
'keystone_auth/auth_type' : value => $auth_type;
}
}

5
releasenotes/notes/system_scope-all-2f3620a1195c518d.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
The new ``magnum::keystone::keystone_auth::system_scope`` parameter has
been added.

17
spec/classes/magnum_keystone_keystone_auth_spec.rb
View File

@ -28,11 +28,11 @@ describe 'magnum::keystone::keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/project_name').with_value('services')
is_expected.to contain_magnum_config('keystone_auth/user_domain_name').with_value('Default')
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value('Default')
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value('password')
end
end
context 'when overriding parameters' do
before do
params.merge!({
@ -53,9 +53,24 @@ describe 'magnum::keystone::keystone_auth' do
is_expected.to contain_magnum_config('keystone_auth/project_name').with_value(params[:project_name])
is_expected.to contain_magnum_config('keystone_auth/user_domain_name').with_value(params[:user_domain_name])
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/auth_type').with_value(params[:auth_type])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:password => 'mypassword',
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('keystone_auth/system_scope').with_value('all')
end
end
end
on_supported_os({