Merge "Support system/domain scope credential"
This commit is contained in:
commit
003aef1282
|
@ -32,14 +32,14 @@ module Puppet::Provider::Openstack::Auth
|
||||||
RCFILENAME
|
RCFILENAME
|
||||||
end
|
end
|
||||||
|
|
||||||
def request(service, action, properties=nil, options={})
|
def request(service, action, properties=nil, options={}, scope='project')
|
||||||
properties ||= []
|
properties ||= []
|
||||||
set_credentials(@credentials, get_os_vars_from_env)
|
set_credentials(@credentials, get_os_vars_from_env)
|
||||||
unless @credentials.set?
|
unless @credentials.set? and (!@credentials.scope_set? or @credentials.scope == scope)
|
||||||
@credentials.unset
|
@credentials.unset
|
||||||
set_credentials(@credentials, get_os_vars_from_rcfile(rc_filename))
|
set_credentials(@credentials, get_os_vars_from_rcfile(rc_filename))
|
||||||
end
|
end
|
||||||
unless @credentials.set?
|
unless @credentials.set? and (!@credentials.scope_set? or @credentials.scope == scope)
|
||||||
raise(Puppet::Error::OpenstackAuthInputError, 'Insufficient credentials to authenticate')
|
raise(Puppet::Error::OpenstackAuthInputError, 'Insufficient credentials to authenticate')
|
||||||
end
|
end
|
||||||
super(service, action, properties, @credentials, options)
|
super(service, action, properties, @credentials, options)
|
||||||
|
|
|
@ -40,6 +40,20 @@ class Puppet::Provider::Openstack::Credentials
|
||||||
env
|
env
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def scope_set?
|
||||||
|
@project_name
|
||||||
|
end
|
||||||
|
|
||||||
|
def scope
|
||||||
|
if @project_name
|
||||||
|
return 'project'
|
||||||
|
else
|
||||||
|
# When only service token is used, there is not way to determine
|
||||||
|
# the scope unless we inspect the token using keystone API call.
|
||||||
|
return nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def user_password_set?
|
def user_password_set?
|
||||||
return true if @username && @password && @project_name && @auth_url
|
return true if @username && @password && @project_name && @auth_url
|
||||||
end
|
end
|
||||||
|
@ -70,6 +84,7 @@ class Puppet::Provider::Openstack::CredentialsV3 < Puppet::Provider::Openstack::
|
||||||
:project_domain_id,
|
:project_domain_id,
|
||||||
:project_domain_name,
|
:project_domain_name,
|
||||||
:project_id,
|
:project_id,
|
||||||
|
:system_scope,
|
||||||
:trust_id,
|
:trust_id,
|
||||||
:user_domain_id,
|
:user_domain_id,
|
||||||
:user_domain_name,
|
:user_domain_name,
|
||||||
|
@ -82,8 +97,28 @@ class Puppet::Provider::Openstack::CredentialsV3 < Puppet::Provider::Openstack::
|
||||||
KEYS.include?(name.to_sym) || super
|
KEYS.include?(name.to_sym) || super
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def user_set?
|
||||||
|
@username || @user_id
|
||||||
|
end
|
||||||
|
|
||||||
|
def scope_set?
|
||||||
|
@system_scope || @domain_name || @domain_id || @project_name || @project_id
|
||||||
|
end
|
||||||
|
|
||||||
|
def scope
|
||||||
|
if @project_name || @project_id
|
||||||
|
return 'project'
|
||||||
|
elsif @domain_name || @domain_id
|
||||||
|
return 'domain'
|
||||||
|
elsif @system_scope
|
||||||
|
return 'system'
|
||||||
|
else
|
||||||
|
return nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def user_password_set?
|
def user_password_set?
|
||||||
return true if (@username || @user_id) && @password && (@project_name || @project_id) && @auth_url
|
return true if user_set? && @password && scope_set? && @auth_url
|
||||||
end
|
end
|
||||||
|
|
||||||
def initialize
|
def initialize
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Now ``Puppet::Provider::Openstack::CredentialsV3`` supports system scope
|
||||||
|
credential and domain scope credential in addition to project scope
|
||||||
|
credential.
|
|
@ -47,7 +47,7 @@ describe Puppet::Provider::Openstack::Credentials do
|
||||||
|
|
||||||
describe '#password_set?' do
|
describe '#password_set?' do
|
||||||
context "with user credentials" do
|
context "with user credentials" do
|
||||||
it 'is successful' do
|
it 'is successful with project scope credential' do
|
||||||
creds.auth_url = 'auth_url'
|
creds.auth_url = 'auth_url'
|
||||||
creds.password = 'password'
|
creds.password = 'password'
|
||||||
creds.project_name = 'project_name'
|
creds.project_name = 'project_name'
|
||||||
|
@ -56,6 +56,24 @@ describe Puppet::Provider::Openstack::Credentials do
|
||||||
expect(creds.service_token_set?).to be_falsey
|
expect(creds.service_token_set?).to be_falsey
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'is successful with project scope credential' do
|
||||||
|
creds.auth_url = 'auth_url'
|
||||||
|
creds.password = 'password'
|
||||||
|
creds.domain_name = 'domain_name'
|
||||||
|
creds.username = 'username'
|
||||||
|
expect(creds.user_password_set?).to be_truthy
|
||||||
|
expect(creds.service_token_set?).to be_falsey
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is successful with system scope credential' do
|
||||||
|
creds.auth_url = 'auth_url'
|
||||||
|
creds.password = 'password'
|
||||||
|
creds.system_scope = 'all'
|
||||||
|
creds.username = 'username'
|
||||||
|
expect(creds.user_password_set?).to be_truthy
|
||||||
|
expect(creds.service_token_set?).to be_falsey
|
||||||
|
end
|
||||||
|
|
||||||
it 'fails' do
|
it 'fails' do
|
||||||
creds.auth_url = 'auth_url'
|
creds.auth_url = 'auth_url'
|
||||||
creds.password = 'password'
|
creds.password = 'password'
|
||||||
|
@ -87,18 +105,22 @@ describe Puppet::Provider::Openstack::Credentials do
|
||||||
creds.password = 'password'
|
creds.password = 'password'
|
||||||
creds.project_name = 'project_name'
|
creds.project_name = 'project_name'
|
||||||
creds.domain_name = 'domain_name'
|
creds.domain_name = 'domain_name'
|
||||||
|
creds.system_scope = 'system_scope'
|
||||||
creds.username = 'username'
|
creds.username = 'username'
|
||||||
creds.token = 'token'
|
creds.token = 'token'
|
||||||
creds.endpoint = 'endpoint'
|
creds.endpoint = 'endpoint'
|
||||||
|
creds.region_name = 'region_name'
|
||||||
creds.identity_api_version = 'identity_api_version'
|
creds.identity_api_version = 'identity_api_version'
|
||||||
creds.unset
|
creds.unset
|
||||||
expect(creds.auth_url).to eq('')
|
expect(creds.auth_url).to eq('')
|
||||||
expect(creds.password).to eq('')
|
expect(creds.password).to eq('')
|
||||||
expect(creds.project_name).to eq('')
|
expect(creds.project_name).to eq('')
|
||||||
expect(creds.domain_name).to eq('')
|
expect(creds.domain_name).to eq('')
|
||||||
|
expect(creds.system_scope).to eq('')
|
||||||
expect(creds.username).to eq('')
|
expect(creds.username).to eq('')
|
||||||
expect(creds.token).to eq('')
|
expect(creds.token).to eq('')
|
||||||
expect(creds.endpoint).to eq('')
|
expect(creds.endpoint).to eq('')
|
||||||
|
expect(creds.region_name).to eq('')
|
||||||
expect(creds.identity_api_version).to eq('identity_api_version')
|
expect(creds.identity_api_version).to eq('identity_api_version')
|
||||||
newcreds = Puppet::Provider::Openstack::CredentialsV3.new
|
newcreds = Puppet::Provider::Openstack::CredentialsV3.new
|
||||||
expect(newcreds.identity_api_version).to eq('3')
|
expect(newcreds.identity_api_version).to eq('3')
|
||||||
|
@ -112,20 +134,24 @@ describe Puppet::Provider::Openstack::Credentials do
|
||||||
creds.auth_url = 'auth_url'
|
creds.auth_url = 'auth_url'
|
||||||
creds.password = 'password'
|
creds.password = 'password'
|
||||||
creds.project_name = 'project_name'
|
creds.project_name = 'project_name'
|
||||||
|
creds.domain_name = 'domain_name'
|
||||||
|
creds.system_scope = 'all'
|
||||||
creds.username = 'username'
|
creds.username = 'username'
|
||||||
creds.token = 'token'
|
creds.token = 'token'
|
||||||
creds.endpoint = 'endpoint'
|
creds.endpoint = 'endpoint'
|
||||||
creds.identity_api_version = 'identity_api_version'
|
|
||||||
creds.region_name = 'Region1'
|
creds.region_name = 'Region1'
|
||||||
|
creds.identity_api_version = 'identity_api_version'
|
||||||
expect(creds.to_env).to eq({
|
expect(creds.to_env).to eq({
|
||||||
'OS_USERNAME' => 'username',
|
'OS_USERNAME' => 'username',
|
||||||
'OS_PASSWORD' => 'password',
|
'OS_PASSWORD' => 'password',
|
||||||
'OS_PROJECT_NAME' => 'project_name',
|
'OS_PROJECT_NAME' => 'project_name',
|
||||||
|
'OS_DOMAIN_NAME' => 'domain_name',
|
||||||
|
'OS_SYSTEM_SCOPE' => 'all',
|
||||||
'OS_AUTH_URL' => 'auth_url',
|
'OS_AUTH_URL' => 'auth_url',
|
||||||
'OS_TOKEN' => 'token',
|
'OS_TOKEN' => 'token',
|
||||||
'OS_ENDPOINT' => 'endpoint',
|
'OS_ENDPOINT' => 'endpoint',
|
||||||
'OS_IDENTITY_API_VERSION' => 'identity_api_version',
|
|
||||||
'OS_REGION_NAME' => 'Region1',
|
'OS_REGION_NAME' => 'Region1',
|
||||||
|
'OS_IDENTITY_API_VERSION' => 'identity_api_version',
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -149,6 +175,24 @@ describe Puppet::Provider::Openstack::Credentials do
|
||||||
expect(creds.user_password_set?).to be_truthy
|
expect(creds.user_password_set?).to be_truthy
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
describe '#password_set? with username and domain_name' do
|
||||||
|
it 'is successful' do
|
||||||
|
creds.auth_url = 'auth_url'
|
||||||
|
creds.password = 'password'
|
||||||
|
creds.domain_name = 'domain_name'
|
||||||
|
creds.username = 'username'
|
||||||
|
expect(creds.user_password_set?).to be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
|
describe '#password_set? with username and system_scope' do
|
||||||
|
it 'is successful' do
|
||||||
|
creds.auth_url = 'auth_url'
|
||||||
|
creds.password = 'password'
|
||||||
|
creds.system_scope = 'all'
|
||||||
|
creds.username = 'username'
|
||||||
|
expect(creds.user_password_set?).to be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
describe '#password_set? with user_id and project_id' do
|
describe '#password_set? with user_id and project_id' do
|
||||||
it 'is successful' do
|
it 'is successful' do
|
||||||
creds.auth_url = 'auth_url'
|
creds.auth_url = 'auth_url'
|
||||||
|
@ -158,5 +202,14 @@ describe Puppet::Provider::Openstack::Credentials do
|
||||||
expect(creds.user_password_set?).to be_truthy
|
expect(creds.user_password_set?).to be_truthy
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
describe '#password_set? with user_id and domain_id' do
|
||||||
|
it 'is successful' do
|
||||||
|
creds.auth_url = 'auth_url'
|
||||||
|
creds.password = 'password'
|
||||||
|
creds.domain_id = 'domid'
|
||||||
|
creds.user_id = 'userid'
|
||||||
|
expect(creds.user_password_set?).to be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue