Add keystone roles for Octavia policies
This patch adds creation of the necessary keystone roles to support using Octavia's access policies. Related-Bug: #1762774 Change-Id: Ib34ad49d52bb6afba6d035cf966592e0f0fd9a85
This commit is contained in:
parent
32a7483cad
commit
d6c8f91f63
28
manifests/roles.pp
Normal file
28
manifests/roles.pp
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
# == Class: octavia::roles
|
||||||
|
#
|
||||||
|
# Configure the octavia roles
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
#
|
||||||
|
# [*role_names*]
|
||||||
|
# (optional) Create keystone roles to comply with Octavia policies.
|
||||||
|
# Defaults to ['load-balancer_observer', 'load-balancer_global_observer',
|
||||||
|
# 'load-balancer_member', 'load-balancer_quota_admin', 'load-balancer_admin',
|
||||||
|
# 'admin']
|
||||||
|
#
|
||||||
|
class octavia::roles (
|
||||||
|
$role_names = [
|
||||||
|
'load-balancer_observer',
|
||||||
|
'load-balancer_global_observer',
|
||||||
|
'load-balancer_member',
|
||||||
|
'load-balancer_quota_admin',
|
||||||
|
'load-balancer_admin',
|
||||||
|
'admin'
|
||||||
|
]
|
||||||
|
) {
|
||||||
|
if $role_names {
|
||||||
|
keystone_role { $role_names:
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added `octavia::roles::role_names` parameter to enable creation of the
|
||||||
|
keystone roles supported by the Octavia API.
|
50
spec/classes/octavia_roles_spec.rb
Normal file
50
spec/classes/octavia_roles_spec.rb
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'octavia::roles' do
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples_for 'octavia-roles' do
|
||||||
|
|
||||||
|
context 'when using default args' do
|
||||||
|
it 'creates keystone roles' do
|
||||||
|
is_expected.to contain_keystone_role('load-balancer_observer')
|
||||||
|
is_expected.to contain_keystone_role('load-balancer_global_observer')
|
||||||
|
is_expected.to contain_keystone_role('load-balancer_member')
|
||||||
|
is_expected.to contain_keystone_role('load-balancer_quota_admin')
|
||||||
|
is_expected.to contain_keystone_role('load-balancer_admin')
|
||||||
|
is_expected.to contain_keystone_role('admin')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when using custom roles' do
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:role_names => ['foo', 'bar', 'krispy']
|
||||||
|
})
|
||||||
|
end
|
||||||
|
it 'creates custom keystone roles' do
|
||||||
|
is_expected.to contain_keystone_role('foo')
|
||||||
|
is_expected.to contain_keystone_role('bar')
|
||||||
|
is_expected.to contain_keystone_role('krispy')
|
||||||
|
is_expected.not_to contain_keystone_role('load-balancer_observer')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
it_behaves_like 'octavia-roles'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
Loading…
Reference in New Issue
Block a user