openstack/puppet-octavia
Code Issues Proposed changes
b3bccf3b50
puppet-octavia/spec/classes/octavia_service_auth_spec.rb
Takashi Kajinami be91d620fa Globally support system scope credentials 
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.

Change-Id: I2d8c35023c9851e6c043b07a1270e386feb9b1dd
2022-03-04 01:52:41 +09:00

78 lines
3.4 KiB
Ruby
Raw Blame History

require 'spec_helper'
describe 'octavia::service_auth' do
shared_examples_for 'service-auth' do
let :params do
{
:password => 'secrete'
}
end
context 'with default params' do
it 'configures default auth' do
is_expected.to contain_octavia_config('service_auth/auth_url').with_value('http://localhost:5000')
is_expected.to contain_octavia_config('service_auth/username').with_value('octavia')
is_expected.to contain_octavia_config('service_auth/project_name').with_value('services')
is_expected.to contain_octavia_config('service_auth/password').with_value('secrete').with_secret(true)
is_expected.to contain_octavia_config('service_auth/user_domain_name').with_value('Default')
is_expected.to contain_octavia_config('service_auth/project_domain_name').with_value('Default')
is_expected.to contain_octavia_config('service_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_octavia_config('service_auth/auth_type').with_value('password')
is_expected.to contain_octavia_config('service_auth/region_name').with_value('<SERVICE DEFAULT>')
end
end
context 'when credentials are configured' do
before do
params.merge!({
:auth_url => 'http://199.199.199.199:64371',
:username => 'some_user',
:project_name => 'some_project_name',
:user_domain_name => 'my_domain_name',
:project_domain_name => 'our_domain_name',
:auth_type => 'v3password',
:region_name => 'regionOne',
})
end
it 'configures credentials' do
is_expected.to contain_octavia_config('service_auth/auth_url').with_value('http://199.199.199.199:64371')
is_expected.to contain_octavia_config('service_auth/username').with_value('some_user')
is_expected.to contain_octavia_config('service_auth/project_name').with_value('some_project_name')
is_expected.to contain_octavia_config('service_auth/password').with_value('secrete').with_secret(true)
is_expected.to contain_octavia_config('service_auth/user_domain_name').with_value('my_domain_name')
is_expected.to contain_octavia_config('service_auth/project_domain_name').with_value('our_domain_name')
is_expected.to contain_octavia_config('service_auth/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_octavia_config('service_auth/auth_type').with_value('v3password')
is_expected.to contain_octavia_config('service_auth/region_name').with_value('regionOne')
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_octavia_config('service_auth/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_octavia_config('service_auth/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_octavia_config('service_auth/system_scope').with_value('all')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'service-auth'
end
end
end
View Git Blame Copy Permalink