Add missing parameters to nova::metadata::novajoin::authtoken
The nova::metadata::novajoin::authtoken class has not been updated and it doesn't support some parameters recently added to the authtoken class for nova-api. This change adds these missing parameters so that two authtoken classes have the consistent implementation. Change-Id: I6263595b6e5fcef9925e84bcf15b1a46f91f3f68
This commit is contained in:
Takashi Kajinami
parent
f57463ca68
commit
a540931998
@ -161,6 +161,36 @@
|
||||
# (in seconds). Set to -1 to disable caching completely. Integer value
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*service_token_roles*]
|
||||
# (Optional) A choice of roles that must be present in a service token.
|
||||
# Service tokens are allowed to request that an expired token
|
||||
# can be used and so this check should tightly control that
|
||||
# only actual services should be sending this token. Roles
|
||||
# here are applied as an ANY check so any role in this list
|
||||
# must be present. For backwards compatibility reasons this
|
||||
# currently only affects the allow_expired check. (list value)
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*service_token_roles_required*]
|
||||
# (optional) backwards compatibility to ensure that the service tokens are
|
||||
# compared against a list of possible roles for validity
|
||||
# true/false
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*service_type*]
|
||||
# (Optional) The name or type of the service as it appears in the service
|
||||
# catalog. This is used to validate tokens that have restricted access rules.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*interface*]
|
||||
# (Optional) Interface to use for the Identity API endpoint. Valid values are
|
||||
# "public", "internal" or "admin".
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*params*]
|
||||
# (Optional) Hash of additional parameters to pass through to the keystone
|
||||
# authtoken class. Values set here override the individual parameters above.
|
||||
#
|
||||
class nova::metadata::novajoin::authtoken(
|
||||
$username = 'novajoin',
|
||||
$password = $::os_service_default,
|
||||
@ -194,44 +224,58 @@ class nova::metadata::novajoin::authtoken(
|
||||
$manage_memcache_package = false,
|
||||
$region_name = $::os_service_default,
|
||||
$token_cache_time = $::os_service_default,
|
||||
$service_token_roles = $::os_service_default,
|
||||
$service_token_roles_required = $::os_service_default,
|
||||
$service_type = $::os_service_default,
|
||||
$interface = $::os_service_default,
|
||||
$params = {},
|
||||
) {
|
||||
|
||||
include nova::deps
|
||||
|
||||
if is_service_default($password) {
|
||||
fail('Please set password for novajoin service user')
|
||||
}
|
||||
|
||||
keystone::resource::authtoken { 'novajoin_config':
|
||||
username => $username,
|
||||
password => $password,
|
||||
project_name => $project_name,
|
||||
auth_url => $auth_url,
|
||||
www_authenticate_uri => $www_authenticate_uri,
|
||||
auth_version => $auth_version,
|
||||
auth_type => $auth_type,
|
||||
auth_section => $auth_section,
|
||||
user_domain_name => $user_domain_name,
|
||||
project_domain_name => $project_domain_name,
|
||||
insecure => $insecure,
|
||||
cache => $cache,
|
||||
cafile => $cafile,
|
||||
certfile => $certfile,
|
||||
delay_auth_decision => $delay_auth_decision,
|
||||
enforce_token_bind => $enforce_token_bind,
|
||||
http_connect_timeout => $http_connect_timeout,
|
||||
http_request_max_retries => $http_request_max_retries,
|
||||
include_service_catalog => $include_service_catalog,
|
||||
keyfile => $keyfile,
|
||||
memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
|
||||
memcache_pool_dead_retry => $memcache_pool_dead_retry,
|
||||
memcache_pool_maxsize => $memcache_pool_maxsize,
|
||||
memcache_pool_socket_timeout => $memcache_pool_socket_timeout,
|
||||
memcache_secret_key => $memcache_secret_key,
|
||||
memcache_security_strategy => $memcache_security_strategy,
|
||||
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
||||
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
||||
memcached_servers => $memcached_servers,
|
||||
manage_memcache_package => $manage_memcache_package,
|
||||
region_name => $region_name,
|
||||
token_cache_time => $token_cache_time,
|
||||
keystone::resource::authtoken {
|
||||
'novajoin_config':
|
||||
* => $params;
|
||||
default:
|
||||
username => $username,
|
||||
password => $password,
|
||||
project_name => $project_name,
|
||||
auth_url => $auth_url,
|
||||
www_authenticate_uri => $www_authenticate_uri,
|
||||
auth_version => $auth_version,
|
||||
auth_type => $auth_type,
|
||||
auth_section => $auth_section,
|
||||
user_domain_name => $user_domain_name,
|
||||
project_domain_name => $project_domain_name,
|
||||
insecure => $insecure,
|
||||
cache => $cache,
|
||||
cafile => $cafile,
|
||||
certfile => $certfile,
|
||||
delay_auth_decision => $delay_auth_decision,
|
||||
enforce_token_bind => $enforce_token_bind,
|
||||
http_connect_timeout => $http_connect_timeout,
|
||||
http_request_max_retries => $http_request_max_retries,
|
||||
include_service_catalog => $include_service_catalog,
|
||||
keyfile => $keyfile,
|
||||
memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
|
||||
memcache_pool_dead_retry => $memcache_pool_dead_retry,
|
||||
memcache_pool_maxsize => $memcache_pool_maxsize,
|
||||
memcache_pool_socket_timeout => $memcache_pool_socket_timeout,
|
||||
memcache_secret_key => $memcache_secret_key,
|
||||
memcache_security_strategy => $memcache_security_strategy,
|
||||
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
||||
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
||||
memcached_servers => $memcached_servers,
|
||||
manage_memcache_package => $manage_memcache_package,
|
||||
region_name => $region_name,
|
||||
token_cache_time => $token_cache_time,
|
||||
service_token_roles => $service_token_roles,
|
||||
service_token_roles_required => $service_token_roles_required,
|
||||
service_type => $service_type,
|
||||
interface => $interface;
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The following parameters have been added to
|
||||
the ``nova::metada::novajoin::authtoken`` class
|
||||
|
||||
- ``service_token_roles``
|
||||
- ``service_token_roles_required``
|
||||
- ``service_type``
|
||||
- ``interface``
|
||||
- ``params``
|
||||
@ -42,6 +42,10 @@ describe 'nova::metadata::novajoin::authtoken' do
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/region_name').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/token_cache_time').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/service_token_roles').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/service_token_roles_required').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/service_type').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/interface').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
end
|
||||
|
||||
@ -60,8 +64,7 @@ describe 'nova::metadata::novajoin::authtoken' do
|
||||
:auth_type => 'password',
|
||||
:auth_version => 'v3',
|
||||
:cache => 'somevalue',
|
||||
:cafile =>
|
||||
'/opt/stack/data/cafile.pem',
|
||||
:cafile => '/opt/stack/data/cafile.pem',
|
||||
:certfile => 'certfile.crt',
|
||||
:delay_auth_decision => false,
|
||||
:enforce_token_bind => 'permissive',
|
||||
@ -77,11 +80,14 @@ describe 'nova::metadata::novajoin::authtoken' do
|
||||
:memcache_secret_key => 'secret_key',
|
||||
:memcache_security_strategy => 'ENCRYPT',
|
||||
:memcache_use_advanced_pool => true,
|
||||
:memcached_servers =>
|
||||
['memcached01:11211','memcached02:11211'],
|
||||
:memcached_servers => ['memcached01:11211','memcached02:11211'],
|
||||
:manage_memcache_package => true,
|
||||
:region_name => 'region2',
|
||||
:token_cache_time => '301',
|
||||
:service_token_roles => ['service'],
|
||||
:service_token_roles_required => true,
|
||||
:service_type => 'identity',
|
||||
:interface => 'internal',
|
||||
})
|
||||
end
|
||||
|
||||
@ -117,12 +123,29 @@ describe 'nova::metadata::novajoin::authtoken' do
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/region_name').with_value(params[:region_name])
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/token_cache_time').with_value(params[:token_cache_time])
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/service_token_roles').with_value(params[:service_token_roles])
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/service_token_roles_required').with_value(params[:service_token_roles_required])
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/interface').with_value(params[:interface])
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/service_type').with_value(params[:service_type])
|
||||
end
|
||||
|
||||
it 'installs python memcache package' do
|
||||
is_expected.to contain_package('python-memcache')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when overriding parameters via params hash' do
|
||||
before do
|
||||
params.merge!({
|
||||
:username => 'myuser',
|
||||
:params => { 'username' => 'myotheruser' },
|
||||
})
|
||||
end
|
||||
|
||||
it 'configure keystone_authtoken' do
|
||||
is_expected.to contain_novajoin_config('keystone_authtoken/username').with_value(params[:params]['username'])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user