From eb3158c8cc671592ae8f73e3db5d6b753efed8b2 Mon Sep 17 00:00:00 2001
From: Alexey Deryugin <aderyugin@mirantis.com>
Date: Fri, 30 Sep 2016 16:49:24 +0300
Subject: [PATCH] Make configure_user and configure_user_role configurable

Murano module should be compatible with all others modules,
that support configure_user and configure_user_role
params being configurable.

Change-Id: Iba87b873410b6efa4d4802de0f903990bc8fa92f
Partial-Bug: #1620758
---
 manifests/keystone/auth.pp                         | 14 ++++++++++++--
 manifests/keystone/cfapi_auth.pp                   | 14 ++++++++++++--
 ...onfigurable_user_and_role-8e755bb0b27d267f.yaml |  4 ++++
 spec/classes/murano_keystone_auth_spec.rb          | 10 ++++++++++
 spec/classes/murano_keystone_cfapi_auth_spec.rb    | 10 ++++++++++
 5 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/configurable_user_and_role-8e755bb0b27d267f.yaml

diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 84a303a..15b35f2 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -27,6 +27,14 @@
 #   (Optional) Should murano endpoint be configured?
 #   Defaults to 'true'.
 #
+# [*configure_user*]
+#   (Optional) Should murano user be configured?
+#   Defaults to 'true'.
+#
+# [*configure_user_role*]
+#   (Optional) Should murano user role be configured?
+#   Defaults to 'true'.
+#
 # [*service_type*]
 #   (Optional) Type of service.
 #   Defaults to 'application-catalog'.
@@ -69,6 +77,8 @@ class murano::keystone::auth(
   $service_type        = 'application-catalog',
   $service_description = 'Murano Application Catalog',
   $configure_endpoint  = true,
+  $configure_user      = true,
+  $configure_user_role = true,
   $region              = 'RegionOne',
   $public_url          = 'http://127.0.0.1:8082',
   $admin_url           = 'http://127.0.0.1:8082',
@@ -76,8 +86,8 @@ class murano::keystone::auth(
 ) {
 
   keystone::resource::service_identity { 'murano':
-    configure_user      => true,
-    configure_user_role => true,
+    configure_user      => $configure_user,
+    configure_user_role => $configure_user_role,
     configure_endpoint  => $configure_endpoint,
     service_name        => $service_name,
     service_type        => $service_type,
diff --git a/manifests/keystone/cfapi_auth.pp b/manifests/keystone/cfapi_auth.pp
index 32faf01..5a22cea 100644
--- a/manifests/keystone/cfapi_auth.pp
+++ b/manifests/keystone/cfapi_auth.pp
@@ -27,6 +27,14 @@
 #   (Optional) Should murano endpoint be configured?
 #   Defaults to 'true'.
 #
+# [*configure_user*]
+#   (Optional) Should murano user be configured?
+#   Defaults to 'false'.
+#
+# [*configure_user_role*]
+#   (Optional) Should murano user_role be configured?
+#   Defaults to 'false'.
+#
 # [*service_type*]
 #   (Optional) Type of service.
 #   Defaults to 'service-broker'.
@@ -69,6 +77,8 @@ class murano::keystone::cfapi_auth(
   $service_type        = 'service-broker',
   $service_description = 'Murano Service Broker API',
   $configure_endpoint  = true,
+  $configure_user      = false,
+  $configure_user_role = false,
   $region              = 'RegionOne',
   $public_url          = 'http://127.0.0.1:8083',
   $admin_url           = 'http://127.0.0.1:8083',
@@ -77,8 +87,8 @@ class murano::keystone::cfapi_auth(
 
 
   keystone::resource::service_identity { 'murano-cfapi':
-    configure_user      => false,
-    configure_user_role => false,
+    configure_user      => $configure_user,
+    configure_user_role => $configure_user_role,
     configure_endpoint  => $configure_endpoint,
     service_name        => $service_name,
     service_type        => $service_type,
diff --git a/releasenotes/notes/configurable_user_and_role-8e755bb0b27d267f.yaml b/releasenotes/notes/configurable_user_and_role-8e755bb0b27d267f.yaml
new file mode 100644
index 0000000..b74b1a7
--- /dev/null
+++ b/releasenotes/notes/configurable_user_and_role-8e755bb0b27d267f.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - Add ability to set configure_user and configure_user_role
+    parameters in murano::keystone::auth and murano::keystone::cfapi_auth
diff --git a/spec/classes/murano_keystone_auth_spec.rb b/spec/classes/murano_keystone_auth_spec.rb
index 4b7c343..1df402a 100644
--- a/spec/classes/murano_keystone_auth_spec.rb
+++ b/spec/classes/murano_keystone_auth_spec.rb
@@ -64,4 +64,14 @@ describe 'murano::keystone::auth' do
     it { is_expected.to contain_keystone_endpoint('RegionOne/muranoy::application-catalog') }
   end
 
+  describe 'when not configuring user and role' do
+    let :params do
+      { :password => 'foo',
+        :configure_user => false,
+        :configure_user_role => false }
+    end
+
+    it { is_expected.to_not contain_keystone_user('murano') }
+    it { is_expected.to_not contain_keystone_user_role('murano@services') }
+  end
 end
diff --git a/spec/classes/murano_keystone_cfapi_auth_spec.rb b/spec/classes/murano_keystone_cfapi_auth_spec.rb
index 508bb80..4bb9306 100644
--- a/spec/classes/murano_keystone_cfapi_auth_spec.rb
+++ b/spec/classes/murano_keystone_cfapi_auth_spec.rb
@@ -51,4 +51,14 @@ describe 'murano::keystone::cfapi_auth' do
     it { is_expected.to contain_keystone_endpoint('RegionOne/murano-cfapiy::service-broker') }
   end
 
+  describe 'when configuring user and role' do
+    let :params do
+      { :password => 'foo',
+        :configure_user => true,
+        :configure_user_role => true }
+    end
+
+    it { is_expected.to contain_keystone_user('murano-cfapi') }
+    it { is_expected.to contain_keystone_user_role('murano-cfapi@services') }
+  end
 end