New class to support keystone_auth config
The config section [keystone_auth] is used for service user, which is different from [keystone_authtoken]. They used to be managed in the same class, but after the deprecation in Change I0cea57dd58b4ddc532ee28a045ec4b75b8312919, magnum can no longer fall back to use the values in keystone_authtoken/admin_user [1] We add a new class to manage [keystone_auth] of the config, to keep it distinct from keystone_authtoken [1]: https://github.com/openstack/magnum/blob/stable/train/magnum/common/keystone.py#L122-L123 Change-Id: Ib1fe977a151346cd2ab29ad33d7d9dbb86413fe6
This commit is contained in:
parent
e2b05c8956
commit
85b20b0db4
|
@ -73,5 +73,6 @@ class magnum::conductor(
|
|||
|
||||
if $auth_strategy == 'keystone' {
|
||||
include magnum::keystone::authtoken
|
||||
include magnum::keystone::keystone_auth
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
# class: magnum::keystone::keystone_auth
|
||||
#
|
||||
# Configure the keystone_auth section in the configuration file
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*username*]
|
||||
# (Optional) The name of the service user
|
||||
# Defaults to 'magnum'
|
||||
#
|
||||
# [*password*]
|
||||
# (Required) Password to create for the service user
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_url*]
|
||||
# (Optional) The URL to use for authentication.
|
||||
# Defaults to 'http://localhost:5000'
|
||||
#
|
||||
# [*project_name*]
|
||||
# (Optional) Service project name
|
||||
# Defaults to 'services'
|
||||
#
|
||||
# [*user_domain_name*]
|
||||
# (Optional) Name of domain for $username
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
# [*project_domain_name*]
|
||||
# (Optional) Name of domain for $project_name
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
class magnum::keystone::keystone_auth(
|
||||
$username = 'magnum',
|
||||
$password = $::os_service_default,
|
||||
$auth_url = 'http://localhost:5000',
|
||||
$project_name = 'services',
|
||||
$user_domain_name = 'Default',
|
||||
$project_domain_name = 'Default',
|
||||
) {
|
||||
|
||||
include magnum::deps
|
||||
|
||||
# Only configure keystone_auth if user specifics a password; this keeps
|
||||
# backwards compatibility
|
||||
if !is_service_default($password) {
|
||||
magnum_config {
|
||||
'keystone_auth/auth_url' : value => $auth_url;
|
||||
'keystone_auth/username' : value => $username;
|
||||
'keystone_auth/password' : value => $password, secret => true;
|
||||
'keystone_auth/project_name' : value => $project_name;
|
||||
'keystone_auth/project_domain_name' : value => $project_domain_name;
|
||||
'keystone_auth/user_domain_name' : value => $user_domain_name;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -6,8 +6,9 @@ require 'spec_helper'
|
|||
describe 'magnum::conductor' do
|
||||
|
||||
let :pre_condition do
|
||||
'include magnum'
|
||||
'class { "magnum::keystone::authtoken": password => "secret", }'
|
||||
['class { "magnum::keystone::authtoken": password => "secret", }',
|
||||
'class { "magnum::keystone::keystone_auth": password => "secret", }',
|
||||
]
|
||||
end
|
||||
|
||||
shared_examples_for 'magnum-conductor' do
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'magnum::keystone::keystone_auth' do
|
||||
|
||||
let :params do
|
||||
{ }
|
||||
end
|
||||
|
||||
shared_examples_for 'magnum keystone_auth' do
|
||||
|
||||
context 'with default parameters' do
|
||||
it 'configure keystone_auth' do
|
||||
is_expected.not_to contain_magnum_config('keystone_auth/username')
|
||||
end
|
||||
end
|
||||
|
||||
context 'with password' do
|
||||
before do
|
||||
params.merge!({
|
||||
:password => 'magnum_password',
|
||||
})
|
||||
end
|
||||
|
||||
it 'configure keystone_auth' do
|
||||
is_expected.to contain_magnum_config('keystone_auth/username').with_value('magnum')
|
||||
is_expected.to contain_magnum_config('keystone_auth/password').with_value('magnum_password')
|
||||
is_expected.to contain_magnum_config('keystone_auth/auth_url').with_value('http://localhost:5000')
|
||||
is_expected.to contain_magnum_config('keystone_auth/project_name').with_value('services')
|
||||
is_expected.to contain_magnum_config('keystone_auth/user_domain_name').with_value('Default')
|
||||
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value('Default')
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
context 'when overriding parameters' do
|
||||
before do
|
||||
params.merge!({
|
||||
:username => 'myuser',
|
||||
:password => 'mypasswd',
|
||||
:auth_url => 'http://:127.0.0.1:5000',
|
||||
:project_name => 'service_project',
|
||||
:user_domain_name => 'domainX',
|
||||
:project_domain_name => 'domainX',
|
||||
})
|
||||
end
|
||||
|
||||
it 'configure keystone_auth' do
|
||||
is_expected.to contain_magnum_config('keystone_auth/username').with_value(params[:username])
|
||||
is_expected.to contain_magnum_config('keystone_auth/password').with_value(params[:password])
|
||||
is_expected.to contain_magnum_config('keystone_auth/auth_url').with_value(params[:auth_url])
|
||||
is_expected.to contain_magnum_config('keystone_auth/project_name').with_value(params[:project_name])
|
||||
is_expected.to contain_magnum_config('keystone_auth/user_domain_name').with_value(params[:user_domain_name])
|
||||
is_expected.to contain_magnum_config('keystone_auth/project_domain_name').with_value(params[:project_domain_name])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
it_configures 'magnum keystone_auth'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue