Implement class to configure parameters to use service token
This patch introduces nova::keystone::service_user class to configure parameters to enable service token feature in Nova. Depends-on: https://review.opendev.org/#/c/666467/ Change-Id: I0400fdbaf098121c0f5e380379b7cfb660963ddd
This commit is contained in:
Takashi Kajinami
parent
6ba4a0029e
commit
9cde9d9326
|
|
@ -0,0 +1,101 @@
|
|||
# class: nova::keystone::service_user
|
||||
#
|
||||
# Configure the service_user section in the configuration file
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*username*]
|
||||
# (Optional) The name of the service user
|
||||
# Defaults to 'nova'
|
||||
#
|
||||
# [*password*]
|
||||
# (Optional) Password to create for the service user
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_url*]
|
||||
# (Optional) The URL to use for authentication.
|
||||
# Defaults to 'http:://127.0.0.1:5000'
|
||||
#
|
||||
# [*project_name*]
|
||||
# (Optional) Service project name
|
||||
# Defaults to 'services'
|
||||
#
|
||||
# [*user_domain_name*]
|
||||
# (Optional) Name of domain for $user_domain_name
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
# [*project_domain_name*]
|
||||
# (Optional) Name of domain for $project_domain_name
|
||||
# Defaults to 'Default'
|
||||
#
|
||||
# [*send_service_user_token*]
|
||||
# (Optional) The service uses service token feature when this is set as true
|
||||
# Defaults to 'false'
|
||||
#
|
||||
# [*insecure*]
|
||||
# (Optional) If true, explicitly allow TLS without checking server cert
|
||||
# against any certificate authorities. WARNING: not recommended. Use with
|
||||
# caution.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_type*]
|
||||
# (Optional) Authentication type to load
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*auth_version*]
|
||||
# (Optional) API version of the admin Identity API endpoint.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*cafile*]
|
||||
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
|
||||
# connections.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*certfile*]
|
||||
# (Optional) Required if identity server requires client certificate
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*keyfile*]
|
||||
# (Optional) Required if identity server requires client certificate
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*region_name*]
|
||||
# (Optional) The region in which the identity server can be found.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
class nova::keystone::service_user(
|
||||
$username = 'nova',
|
||||
$password = $::os_service_default,
|
||||
$auth_url = 'http://127.0.0.1:5000/',
|
||||
$project_name = 'services',
|
||||
$user_domain_name = 'Default',
|
||||
$project_domain_name = 'Default',
|
||||
$send_service_user_token = false,
|
||||
$insecure = $::os_service_default,
|
||||
$auth_type = 'password',
|
||||
$auth_version = $::os_service_default,
|
||||
$cafile = $::os_service_default,
|
||||
$certfile = $::os_service_default,
|
||||
$keyfile = $::os_service_default,
|
||||
$region_name = $::os_service_default,
|
||||
) {
|
||||
|
||||
include ::nova::deps
|
||||
|
||||
keystone::resource::service_user { 'nova_config':
|
||||
username => $username,
|
||||
password => $password,
|
||||
project_name => $project_name,
|
||||
auth_url => $auth_url,
|
||||
auth_version => $auth_version,
|
||||
auth_type => $auth_type,
|
||||
user_domain_name => $user_domain_name,
|
||||
project_domain_name => $project_domain_name,
|
||||
send_service_user_token => $send_service_user_token,
|
||||
insecure => $insecure,
|
||||
cafile => $cafile,
|
||||
certfile => $certfile,
|
||||
keyfile => $keyfile,
|
||||
region_name => $region_name,
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
New class, nova::keystone::service_user, is introduced to configure
|
||||
parameters to service token feature.
|
||||
|
|
@ -61,8 +61,7 @@ describe 'nova::keystone::authtoken' do
|
|||
:auth_type => 'password',
|
||||
:auth_version => 'v3',
|
||||
:cache => 'somevalue',
|
||||
:cafile =>
|
||||
'/opt/stack/data/cafile.pem',
|
||||
:cafile => '/opt/stack/data/cafile.pem',
|
||||
:certfile => 'certfile.crt',
|
||||
:delay_auth_decision => false,
|
||||
:enforce_token_bind => 'permissive',
|
||||
|
|
@ -78,8 +77,7 @@ describe 'nova::keystone::authtoken' do
|
|||
:memcache_secret_key => 'secret_key',
|
||||
:memcache_security_strategy => 'ENCRYPT',
|
||||
:memcache_use_advanced_pool => true,
|
||||
:memcached_servers =>
|
||||
['memcached01:11211','memcached02:11211'],
|
||||
:memcached_servers => ['memcached01:11211','memcached02:11211'],
|
||||
:manage_memcache_package => true,
|
||||
:region_name => 'region2',
|
||||
:token_cache_time => '301',
|
||||
|
|
@ -88,7 +86,7 @@ describe 'nova::keystone::authtoken' do
|
|||
end
|
||||
|
||||
it 'configure keystone_authtoken' do
|
||||
is_expected.to contain_nova_config('keystone_authtoken/www_authenticate_uri').with_value('https://10.0.0.1:9999/')
|
||||
is_expected.to contain_nova_config('keystone_authtoken/www_authenticate_uri').with_value('https://10.0.0.1:9999/')
|
||||
is_expected.to contain_nova_config('keystone_authtoken/username').with_value(params[:username])
|
||||
is_expected.to contain_nova_config('keystone_authtoken/password').with_value(params[:password]).with_secret(true)
|
||||
is_expected.to contain_nova_config('keystone_authtoken/auth_url').with_value(params[:auth_url])
|
||||
|
|
|
|||
|
|
@ -0,0 +1,82 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'nova::keystone::service_user' do
|
||||
|
||||
let :params do
|
||||
{ :password => 'nova_password', }
|
||||
end
|
||||
|
||||
shared_examples 'nova service_user' do
|
||||
|
||||
context 'with default parameters' do
|
||||
|
||||
it 'configure service_user' do
|
||||
is_expected.to contain_nova_config('service_user/username').with_value('nova')
|
||||
is_expected.to contain_nova_config('service_user/password').with_value('nova_password')
|
||||
is_expected.to contain_nova_config('service_user/auth_url').with_value('http://127.0.0.1:5000/')
|
||||
is_expected.to contain_nova_config('service_user/project_name').with_value('services')
|
||||
is_expected.to contain_nova_config('service_user/user_domain_name').with_value('Default')
|
||||
is_expected.to contain_nova_config('service_user/project_domain_name').with_value('Default')
|
||||
is_expected.to contain_nova_config('service_user/insecure').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('service_user/send_service_user_token').with_value(false)
|
||||
is_expected.to contain_nova_config('service_user/auth_type').with_value('password')
|
||||
is_expected.to contain_nova_config('service_user/auth_version').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('service_user/cafile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('service_user/certfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('service_user/keyfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_nova_config('service_user/region_name').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when overriding parameters' do
|
||||
before do
|
||||
params.merge!({
|
||||
:username => 'myuser',
|
||||
:password => 'mypasswd',
|
||||
:auth_url => 'http://:127.0.0.1:5000',
|
||||
:project_name => 'service_project',
|
||||
:user_domain_name => 'domainX',
|
||||
:project_domain_name => 'domainX',
|
||||
:send_service_user_token => true,
|
||||
:insecure => false,
|
||||
:auth_type => 'password',
|
||||
:auth_version => 'v3',
|
||||
:cafile => '/opt/stack/data/cafile.pem',
|
||||
:certfile => 'certfile.crt',
|
||||
:keyfile => 'keyfile',
|
||||
:region_name => 'region2',
|
||||
})
|
||||
end
|
||||
|
||||
it 'configure service_user' do
|
||||
is_expected.to contain_nova_config('service_user/username').with_value(params[:username])
|
||||
is_expected.to contain_nova_config('service_user/password').with_value(params[:password]).with_secret(true)
|
||||
is_expected.to contain_nova_config('service_user/auth_url').with_value(params[:auth_url])
|
||||
is_expected.to contain_nova_config('service_user/project_name').with_value(params[:project_name])
|
||||
is_expected.to contain_nova_config('service_user/user_domain_name').with_value(params[:user_domain_name])
|
||||
is_expected.to contain_nova_config('service_user/project_domain_name').with_value(params[:project_domain_name])
|
||||
is_expected.to contain_nova_config('service_user/send_service_user_token').with_value(params[:send_service_user_token])
|
||||
is_expected.to contain_nova_config('service_user/insecure').with_value(params[:insecure])
|
||||
is_expected.to contain_nova_config('service_user/auth_type').with_value(params[:auth_type])
|
||||
is_expected.to contain_nova_config('service_user/auth_version').with_value(params[:auth_version])
|
||||
is_expected.to contain_nova_config('service_user/cafile').with_value(params[:cafile])
|
||||
is_expected.to contain_nova_config('service_user/certfile').with_value(params[:certfile])
|
||||
is_expected.to contain_nova_config('service_user/keyfile').with_value(params[:keyfile])
|
||||
is_expected.to contain_nova_config('service_user/region_name').with_value(params[:region_name])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it_behaves_like 'nova service_user'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
Loading…
Reference in New Issue