Browse Source

Accept system scope credentials for Unified Limits API

This change allows usage of system scope credentials in addition to
project scope credentials to use the Unified Limits API in Keystone.

Change-Id: If4f1633c6dd7adf4b80c0a8cc83ddd3d025d099b
changes/29/823629/6
Takashi Kajinami 6 months ago
parent
commit
937fcf0644
  1. 22
      manifests/limit.pp
  2. 5
      releasenotes/notes/system_scope-keystone-limit-422cbeee81ba84c5.yaml
  3. 22
      spec/defines/oslo_limit_spec.rb

22
manifests/limit.pp

@ -27,6 +27,10 @@
# (Optional) Name of domain for $project_name
# Defaults to 'Default'.
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defaults to $::os_service_default
#
# [*auth_type*]
# (Optional) Authentication type to load
# Defaults to 'password'.
@ -53,9 +57,10 @@ define oslo::limit(
$username,
$password,
$auth_url,
$project_name,
$project_name = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$auth_type = 'password',
$service_type = $::os_service_default,
$valid_interfaces = $::os_service_default,
@ -63,14 +68,25 @@ define oslo::limit(
$endpoint_override = $::os_service_default,
) {
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
# When system scope is used, project parameters should be removed otherwise
# project scope is used.
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
$limit_options = {
'oslo_limit/endpoint_id' => { value => $endpoint_id },
'oslo_limit/username' => { value => $username },
'oslo_limit/password' => { value => $password, secret => true },
'oslo_limit/auth_url' => { value => $auth_url },
'oslo_limit/project_name' => { value => $project_name },
'oslo_limit/project_name' => { value => $project_name_real },
'oslo_limit/user_domain_name' => { value => $user_domain_name },
'oslo_limit/project_domain_name' => { value => $project_domain_name },
'oslo_limit/project_domain_name' => { value => $project_domain_name_real },
'oslo_limit/system_scope' => { value => $system_scope },
'oslo_limit/auth_type' => { value => $auth_type },
'oslo_limit/service_type' => { value => $service_type },
'oslo_limit/valid_interfaces' => { value => join(any2array($valid_interfaces), ',') },

5
releasenotes/notes/system_scope-keystone-limit-422cbeee81ba84c5.yaml

@ -0,0 +1,5 @@
---
features:
- |
The ``system_scope`` parameter has been added to the ``oslo::limit``
resource type.

22
spec/defines/oslo_limit_spec.rb

@ -12,7 +12,6 @@ describe 'oslo::limit' do
:username => 'keystone',
:password => 'keystone_password',
:auth_url => 'http://127.0.0.1:5000/v3',
:project_name => 'services',
}
end
@ -26,12 +25,13 @@ describe 'oslo::limit' do
is_expected.to contain_keystone_config('oslo_limit/username').with_value('keystone')
is_expected.to contain_keystone_config('oslo_limit/password').with_value('keystone_password').with_secret(true)
is_expected.to contain_keystone_config('oslo_limit/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('services')
end
it 'configures the default params' do
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/user_domain_name').with_value('Default')
is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('Default')
is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/auth_type').with_value('password')
is_expected.to contain_keystone_config('oslo_limit/service_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/valid_interfaces').with_value('<SERVICE DEFAULT>')
@ -43,6 +43,7 @@ describe 'oslo::limit' do
context 'with parameters overridden' do
let :params do
required_params.merge!({
:project_name => 'services',
:user_domain_name => 'UserDomain',
:project_domain_name => 'ProjectDomain',
:auth_type => 'v3password',
@ -54,8 +55,10 @@ describe 'oslo::limit' do
end
it 'configures the overridden values' do
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('services')
is_expected.to contain_keystone_config('oslo_limit/user_domain_name').with_value('UserDomain')
is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('ProjectDomain')
is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/auth_type').with_value('v3password')
is_expected.to contain_keystone_config('oslo_limit/service_type').with_value('identity')
is_expected.to contain_keystone_config('oslo_limit/valid_interfaces').with_value('admin,internal')
@ -63,6 +66,21 @@ describe 'oslo::limit' do
is_expected.to contain_keystone_config('oslo_limit/endpoint_override').with_value('http://localhost:5000')
end
end
context 'with system_scope' do
let :params do
required_params.merge!({
:project_name => 'services',
:system_scope => 'all',
})
end
it 'configures system_scope but ignore project parameters' do
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('all')
end
end
end
on_supported_os({

Loading…
Cancel
Save