Browse Source

Merge "Support system/domain scope credential"

changes/78/826978/1
Zuul 5 months ago committed by Gerrit Code Review
parent
commit
003aef1282
  1. 6
      lib/puppet/provider/openstack/auth.rb
  2. 37
      lib/puppet/provider/openstack/credentials.rb
  3. 6
      releasenotes/notes/system-scope-credential-113608525e12a22d.yaml
  4. 59
      spec/unit/provider/openstack/credentials_spec.rb

6
lib/puppet/provider/openstack/auth.rb

@ -32,14 +32,14 @@ module Puppet::Provider::Openstack::Auth
RCFILENAME
end
def request(service, action, properties=nil, options={})
def request(service, action, properties=nil, options={}, scope='project')
properties ||= []
set_credentials(@credentials, get_os_vars_from_env)
unless @credentials.set?
unless @credentials.set? and (!@credentials.scope_set? or @credentials.scope == scope)
@credentials.unset
set_credentials(@credentials, get_os_vars_from_rcfile(rc_filename))
end
unless @credentials.set?
unless @credentials.set? and (!@credentials.scope_set? or @credentials.scope == scope)
raise(Puppet::Error::OpenstackAuthInputError, 'Insufficient credentials to authenticate')
end
super(service, action, properties, @credentials, options)

37
lib/puppet/provider/openstack/credentials.rb

@ -40,6 +40,20 @@ class Puppet::Provider::Openstack::Credentials
env
end
def scope_set?
@project_name
end
def scope
if @project_name
return 'project'
else
# When only service token is used, there is not way to determine
# the scope unless we inspect the token using keystone API call.
return nil
end
end
def user_password_set?
return true if @username && @password && @project_name && @auth_url
end
@ -70,6 +84,7 @@ class Puppet::Provider::Openstack::CredentialsV3 < Puppet::Provider::Openstack::
:project_domain_id,
:project_domain_name,
:project_id,
:system_scope,
:trust_id,
:user_domain_id,
:user_domain_name,
@ -82,8 +97,28 @@ class Puppet::Provider::Openstack::CredentialsV3 < Puppet::Provider::Openstack::
KEYS.include?(name.to_sym) || super
end
def user_set?
@username || @user_id
end
def scope_set?
@system_scope || @domain_name || @domain_id || @project_name || @project_id
end
def scope
if @project_name || @project_id
return 'project'
elsif @domain_name || @domain_id
return 'domain'
elsif @system_scope
return 'system'
else
return nil
end
end
def user_password_set?
return true if (@username || @user_id) && @password && (@project_name || @project_id) && @auth_url
return true if user_set? && @password && scope_set? && @auth_url
end
def initialize

6
releasenotes/notes/system-scope-credential-113608525e12a22d.yaml

@ -0,0 +1,6 @@
---
features:
- |
Now ``Puppet::Provider::Openstack::CredentialsV3`` supports system scope
credential and domain scope credential in addition to project scope
credential.

59
spec/unit/provider/openstack/credentials_spec.rb

@ -47,7 +47,7 @@ describe Puppet::Provider::Openstack::Credentials do
describe '#password_set?' do
context "with user credentials" do
it 'is successful' do
it 'is successful with project scope credential' do
creds.auth_url = 'auth_url'
creds.password = 'password'
creds.project_name = 'project_name'
@ -56,6 +56,24 @@ describe Puppet::Provider::Openstack::Credentials do
expect(creds.service_token_set?).to be_falsey
end
it 'is successful with project scope credential' do
creds.auth_url = 'auth_url'
creds.password = 'password'
creds.domain_name = 'domain_name'
creds.username = 'username'
expect(creds.user_password_set?).to be_truthy
expect(creds.service_token_set?).to be_falsey
end
it 'is successful with system scope credential' do
creds.auth_url = 'auth_url'
creds.password = 'password'
creds.system_scope = 'all'
creds.username = 'username'
expect(creds.user_password_set?).to be_truthy
expect(creds.service_token_set?).to be_falsey
end
it 'fails' do
creds.auth_url = 'auth_url'
creds.password = 'password'
@ -87,18 +105,22 @@ describe Puppet::Provider::Openstack::Credentials do
creds.password = 'password'
creds.project_name = 'project_name'
creds.domain_name = 'domain_name'
creds.system_scope = 'system_scope'
creds.username = 'username'
creds.token = 'token'
creds.endpoint = 'endpoint'
creds.region_name = 'region_name'
creds.identity_api_version = 'identity_api_version'
creds.unset
expect(creds.auth_url).to eq('')
expect(creds.password).to eq('')
expect(creds.project_name).to eq('')
expect(creds.domain_name).to eq('')
expect(creds.system_scope).to eq('')
expect(creds.username).to eq('')
expect(creds.token).to eq('')
expect(creds.endpoint).to eq('')
expect(creds.region_name).to eq('')
expect(creds.identity_api_version).to eq('identity_api_version')
newcreds = Puppet::Provider::Openstack::CredentialsV3.new
expect(newcreds.identity_api_version).to eq('3')
@ -112,20 +134,24 @@ describe Puppet::Provider::Openstack::Credentials do
creds.auth_url = 'auth_url'
creds.password = 'password'
creds.project_name = 'project_name'
creds.domain_name = 'domain_name'
creds.system_scope = 'all'
creds.username = 'username'
creds.token = 'token'
creds.endpoint = 'endpoint'
creds.identity_api_version = 'identity_api_version'
creds.region_name = 'Region1'
creds.identity_api_version = 'identity_api_version'
expect(creds.to_env).to eq({
'OS_USERNAME' => 'username',
'OS_PASSWORD' => 'password',
'OS_PROJECT_NAME' => 'project_name',
'OS_DOMAIN_NAME' => 'domain_name',
'OS_SYSTEM_SCOPE' => 'all',
'OS_AUTH_URL' => 'auth_url',
'OS_TOKEN' => 'token',
'OS_ENDPOINT' => 'endpoint',
'OS_IDENTITY_API_VERSION' => 'identity_api_version',
'OS_REGION_NAME' => 'Region1',
'OS_IDENTITY_API_VERSION' => 'identity_api_version',
})
end
end
@ -149,6 +175,24 @@ describe Puppet::Provider::Openstack::Credentials do
expect(creds.user_password_set?).to be_truthy
end
end
describe '#password_set? with username and domain_name' do
it 'is successful' do
creds.auth_url = 'auth_url'
creds.password = 'password'
creds.domain_name = 'domain_name'
creds.username = 'username'
expect(creds.user_password_set?).to be_truthy
end
end
describe '#password_set? with username and system_scope' do
it 'is successful' do
creds.auth_url = 'auth_url'
creds.password = 'password'
creds.system_scope = 'all'
creds.username = 'username'
expect(creds.user_password_set?).to be_truthy
end
end
describe '#password_set? with user_id and project_id' do
it 'is successful' do
creds.auth_url = 'auth_url'
@ -158,5 +202,14 @@ describe Puppet::Provider::Openstack::Credentials do
expect(creds.user_password_set?).to be_truthy
end
end
describe '#password_set? with user_id and domain_id' do
it 'is successful' do
creds.auth_url = 'auth_url'
creds.password = 'password'
creds.domain_id = 'domid'
creds.user_id = 'userid'
expect(creds.user_password_set?).to be_truthy
end
end
end
end

Loading…
Cancel
Save