Merge "Accept system scope credential for Designate API request"

2022-01-22 18:19:53 +00:00 · 2022-01-22 18:19:53 +00:00 · 5b409e58d1
parent a7a00225ff 71711d8031
commit 5b409e58d1
3 changed files with 53 additions and 12 deletions
--- a/manifests/designate.pp
+++ b/manifests/designate.pp
@ -19,6 +19,10 @@
 #   (optional) Username for connection to designate in admin context
 #   Defaults to 'neutron'
 #
+# [*user_domain_name*]
+#   (Optional) Name of domain for $username
+#   Defaults to 'Default'
+#
 # [*project_name*]
 #   (optional) The name of the admin project
 #   Defaults to 'services'
@ -27,9 +31,9 @@
 #   (Optional) Name of domain for $project_name
 #   Defaults to 'Default'
 #
-# [*user_domain_name*]
-#   (Optional) Name of domain for $username
-#   Defaults to 'Default'
+# [*system_scope*]
+#   (Optional) Scope for system operations
+#   Defaults to $::os_service_default
 #
 # [*auth_url*]
 #   (optional) Authorization URI for connection to designate in admin context.
@ -61,9 +65,10 @@ class neutron::designate (
  $url,
  $auth_type                 = 'password',
  $username                  = 'neutron',
+  $user_domain_name          = 'Default',
  $project_name              = 'services',
  $project_domain_name       = 'Default',
-  $user_domain_name          = 'Default',
+  $system_scope              = $::os_service_default,
  $auth_url                  = 'http://127.0.0.1:5000',
  $allow_reverse_dns_lookup  = $::os_service_default,
  $ipv4_ptr_zone_prefix_size = $::os_service_default,
@ -79,16 +84,27 @@ class neutron::designate (
    warning('The neutron::designate::project_id parmaeter is deprecated. Use the project_name parameter.')
  }

+  if is_service_default($system_scope){
+    $project_id_real = pick($project_id, $::os_service_default)
+    $project_name_real = $project_name
+    $project_domain_name_real = $project_domain_name
+  } else {
+    $project_id_real = $::os_service_default
+    $project_name_real = $::os_service_default
+    $project_domain_name_real = $::os_service_default
+  }
+
  neutron_config {
    'DEFAULT/external_dns_driver':         value => 'designate';
    'designate/password':                  value => $password, secret => true;
    'designate/url':                       value => $url;
    'designate/auth_type':                 value => $auth_type;
    'designate/username':                  value => $username;
-    'designate/project_id':                value => pick($project_id, $::os_service_default);
-    'designate/project_name':              value => $project_name;
-    'designate/project_domain_name':       value => $project_domain_name;
    'designate/user_domain_name':          value => $user_domain_name;
+    'designate/project_id':                value => $project_id_real;
+    'designate/project_name':              value => $project_name_real;
+    'designate/project_domain_name':       value => $project_domain_name_real;
+    'designate/system_scope':              value => $system_scope;
    'designate/auth_url':                  value => $auth_url;
    'designate/allow_reverse_dns_lookup':  value => $allow_reverse_dns_lookup;
    'designate/ipv4_ptr_zone_prefix_size': value => $ipv4_ptr_zone_prefix_size;
--- a/releasenotes/notes/system_scope-designate-e5bbd73fc8e59f0b.yaml
+++ b/releasenotes/notes/system_scope-designate-e5bbd73fc8e59f0b.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The ``system_scope`` parameter has been added to the ``neutron::designate``
+    class.
--- a/spec/classes/neutron_designate_spec.rb
+++ b/spec/classes/neutron_designate_spec.rb
@ -16,11 +16,12 @@ describe 'neutron::designate' do
        should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
        should contain_neutron_config('designate/url').with_value('http://ip/designate')
        should contain_neutron_config('designate/password').with_value('secret').with_secret(true)
-        should contain_neutron_config('designate/username').with_value('neutron')
        should contain_neutron_config('designate/auth_type').with_value('password')
+        should contain_neutron_config('designate/username').with_value('neutron')
+        should contain_neutron_config('designate/user_domain_name').with_value('Default')
        should contain_neutron_config('designate/project_name').with_value('services')
        should contain_neutron_config('designate/project_domain_name').with_value('Default')
-        should contain_neutron_config('designate/user_domain_name').with_value('Default')
+        should contain_neutron_config('designate/system_scope').with_value('<SERVICE DEFAULT>')
        should contain_neutron_config('designate/auth_url').with_value('http://127.0.0.1:5000')
        should contain_neutron_config('designate/allow_reverse_dns_lookup').with_value('<SERVICE DEFAULT>')
        should contain_neutron_config('designate/ipv4_ptr_zone_prefix_size').with_value('<SERVICE DEFAULT>')
@ -34,10 +35,10 @@ describe 'neutron::designate' do
        req_params.merge!({
          :auth_type                 => 'token',
          :username                  => 'user',
+          :user_domain_name          => 'Domain2',
          :project_id                => 'id1',
          :project_name              => 'proj',
          :project_domain_name       => 'Domain1',
-          :user_domain_name          => 'Domain2',
          :auth_url                  => 'http://auth/',
          :allow_reverse_dns_lookup  => false,
          :ipv4_ptr_zone_prefix_size => 765,
@ -50,12 +51,13 @@ describe 'neutron::designate' do
        should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
        should contain_neutron_config('designate/url').with_value('http://ip/designate')
        should contain_neutron_config('designate/password').with_value('secret').with_secret(true)
-        should contain_neutron_config('designate/username').with_value('user')
        should contain_neutron_config('designate/auth_type').with_value('token')
+        should contain_neutron_config('designate/username').with_value('user')
+        should contain_neutron_config('designate/user_domain_name').with_value('Domain2')
        should contain_neutron_config('designate/project_id').with_value('id1')
        should contain_neutron_config('designate/project_name').with_value('proj')
        should contain_neutron_config('designate/project_domain_name').with_value('Domain1')
-        should contain_neutron_config('designate/user_domain_name').with_value('Domain2')
+        should contain_neutron_config('designate/system_scope').with_value('<SERVICE DEFAULT>')
        should contain_neutron_config('designate/auth_url').with_value('http://auth/')
        should contain_neutron_config('designate/allow_reverse_dns_lookup').with_value(false)
        should contain_neutron_config('designate/ipv4_ptr_zone_prefix_size').with_value(765)
@ -63,6 +65,24 @@ describe 'neutron::designate' do
        should contain_neutron_config('designate/ptr_zone_email').with_value('foo@example.com')
      end
    end
+
+    context 'with system_scope' do
+      let :params do
+        req_params.merge!({
+          :project_id          => 'id1',
+          :project_name        => 'proj',
+          :project_domain_name => 'Domain1',
+          :system_scope        => 'all',
+        })
+      end
+
+      it 'configures designate in neutron.conf' do
+        should contain_neutron_config('designate/project_id').with_value('<SERVICE DEFAULT>')
+        should contain_neutron_config('designate/project_name').with_value('<SERVICE DEFAULT>')
+        should contain_neutron_config('designate/project_domain_name').with_value('<SERVICE DEFAULT>')
+        should contain_neutron_config('designate/system_scope').with_value('all')
+      end
+    end
  end

  on_supported_os({