openstack/puppet-oslo
Code Issues Proposed changes

Accept system scope credentials for Unified Limits API

Browse Source 
This change allows usage of system scope credentials in addition to
project scope credentials to use the Unified Limits API in Keystone.

Change-Id: If4f1633c6dd7adf4b80c0a8cc83ddd3d025d099b
This commit is contained in:
Takashi Kajinami 2022-01-06 15:38:02 +09:00
parent 9da6c6d9fc
commit 937fcf0644
3 changed files with 44 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
manifests/limit.pp
View File

@ -27,6 +27,10 @@
# (Optional) Name of domain for $project_name
# Defaults to 'Default'.
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defaults to $::os_service_default
#
# [*auth_type*]
# (Optional) Authentication type to load
# Defaults to 'password'.
@ -53,9 +57,10 @@ define oslo::limit(
$username,
$password,
$auth_url,
$project_name,
$project_name = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$auth_type = 'password',
$service_type = $::os_service_default,
$valid_interfaces = $::os_service_default,
@ -63,14 +68,25 @@ define oslo::limit(
$endpoint_override = $::os_service_default,
) {
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
# When system scope is used, project parameters should be removed otherwise
# project scope is used.
$project_name_real = $::os_service_default
$project_domain_name_real = $::os_service_default
}
$limit_options = {
'oslo_limit/endpoint_id' => { value => $endpoint_id },
'oslo_limit/username' => { value => $username },
'oslo_limit/password' => { value => $password, secret => true },
'oslo_limit/auth_url' => { value => $auth_url },
'oslo_limit/project_name' => { value => $project_name },
'oslo_limit/project_name' => { value => $project_name_real },
'oslo_limit/user_domain_name' => { value => $user_domain_name },
'oslo_limit/project_domain_name' => { value => $project_domain_name },
'oslo_limit/project_domain_name' => { value => $project_domain_name_real },
'oslo_limit/system_scope' => { value => $system_scope },
'oslo_limit/auth_type' => { value => $auth_type },
'oslo_limit/service_type' => { value => $service_type },
'oslo_limit/valid_interfaces' => { value => join(any2array($valid_interfaces), ',') },

5
releasenotes/notes/system_scope-keystone-limit-422cbeee81ba84c5.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
The ``system_scope`` parameter has been added to the ``oslo::limit``
resource type.

22
spec/defines/oslo_limit_spec.rb
View File

@ -12,7 +12,6 @@ describe 'oslo::limit' do
:username => 'keystone',
:password => 'keystone_password',
:auth_url => 'http://127.0.0.1:5000/v3',
:project_name => 'services',
}
end
@ -26,12 +25,13 @@ describe 'oslo::limit' do
is_expected.to contain_keystone_config('oslo_limit/username').with_value('keystone')
is_expected.to contain_keystone_config('oslo_limit/password').with_value('keystone_password').with_secret(true)
is_expected.to contain_keystone_config('oslo_limit/auth_url').with_value('http://127.0.0.1:5000/v3')
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('services')
end
it 'configures the default params' do
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/user_domain_name').with_value('Default')
is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('Default')
is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/auth_type').with_value('password')
is_expected.to contain_keystone_config('oslo_limit/service_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/valid_interfaces').with_value('<SERVICE DEFAULT>')
@ -43,6 +43,7 @@ describe 'oslo::limit' do
context 'with parameters overridden' do
let :params do
required_params.merge!({
:project_name => 'services',
:user_domain_name => 'UserDomain',
:project_domain_name => 'ProjectDomain',
:auth_type => 'v3password',
@ -54,8 +55,10 @@ describe 'oslo::limit' do
end
it 'configures the overridden values' do
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('services')
is_expected.to contain_keystone_config('oslo_limit/user_domain_name').with_value('UserDomain')
is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('ProjectDomain')
is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/auth_type').with_value('v3password')
is_expected.to contain_keystone_config('oslo_limit/service_type').with_value('identity')
is_expected.to contain_keystone_config('oslo_limit/valid_interfaces').with_value('admin,internal')
@ -63,6 +66,21 @@ describe 'oslo::limit' do
is_expected.to contain_keystone_config('oslo_limit/endpoint_override').with_value('http://localhost:5000')
end
end
context 'with system_scope' do
let :params do
required_params.merge!({
:project_name => 'services',
:system_scope => 'all',
})
end
it 'configures system_scope but ignore project parameters' do
is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('all')
end
end
end
on_supported_os({