diff --git a/manifests/limit.pp b/manifests/limit.pp index 1f320ee..4857f00 100644 --- a/manifests/limit.pp +++ b/manifests/limit.pp @@ -27,6 +27,10 @@ # (Optional) Name of domain for $project_name # Defaults to 'Default'. # +# [*system_scope*] +# (Optional) Scope for system operations. +# Defaults to $::os_service_default +# # [*auth_type*] # (Optional) Authentication type to load # Defaults to 'password'. @@ -53,9 +57,10 @@ define oslo::limit( $username, $password, $auth_url, - $project_name, + $project_name = $::os_service_default, $user_domain_name = 'Default', $project_domain_name = 'Default', + $system_scope = $::os_service_default, $auth_type = 'password', $service_type = $::os_service_default, $valid_interfaces = $::os_service_default, @@ -63,14 +68,25 @@ define oslo::limit( $endpoint_override = $::os_service_default, ) { + if is_service_default($system_scope) { + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name + } else { + # When system scope is used, project parameters should be removed otherwise + # project scope is used. + $project_name_real = $::os_service_default + $project_domain_name_real = $::os_service_default + } + $limit_options = { 'oslo_limit/endpoint_id' => { value => $endpoint_id }, 'oslo_limit/username' => { value => $username }, 'oslo_limit/password' => { value => $password, secret => true }, 'oslo_limit/auth_url' => { value => $auth_url }, - 'oslo_limit/project_name' => { value => $project_name }, + 'oslo_limit/project_name' => { value => $project_name_real }, 'oslo_limit/user_domain_name' => { value => $user_domain_name }, - 'oslo_limit/project_domain_name' => { value => $project_domain_name }, + 'oslo_limit/project_domain_name' => { value => $project_domain_name_real }, + 'oslo_limit/system_scope' => { value => $system_scope }, 'oslo_limit/auth_type' => { value => $auth_type }, 'oslo_limit/service_type' => { value => $service_type }, 'oslo_limit/valid_interfaces' => { value => join(any2array($valid_interfaces), ',') }, diff --git a/releasenotes/notes/system_scope-keystone-limit-422cbeee81ba84c5.yaml b/releasenotes/notes/system_scope-keystone-limit-422cbeee81ba84c5.yaml new file mode 100644 index 0000000..da39344 --- /dev/null +++ b/releasenotes/notes/system_scope-keystone-limit-422cbeee81ba84c5.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The ``system_scope`` parameter has been added to the ``oslo::limit`` + resource type. diff --git a/spec/defines/oslo_limit_spec.rb b/spec/defines/oslo_limit_spec.rb index 718a4f9..606b62f 100644 --- a/spec/defines/oslo_limit_spec.rb +++ b/spec/defines/oslo_limit_spec.rb @@ -12,7 +12,6 @@ describe 'oslo::limit' do :username => 'keystone', :password => 'keystone_password', :auth_url => 'http://127.0.0.1:5000/v3', - :project_name => 'services', } end @@ -26,12 +25,13 @@ describe 'oslo::limit' do is_expected.to contain_keystone_config('oslo_limit/username').with_value('keystone') is_expected.to contain_keystone_config('oslo_limit/password').with_value('keystone_password').with_secret(true) is_expected.to contain_keystone_config('oslo_limit/auth_url').with_value('http://127.0.0.1:5000/v3') - is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('services') end it 'configures the default params' do + is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('') is_expected.to contain_keystone_config('oslo_limit/user_domain_name').with_value('Default') is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('Default') + is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('') is_expected.to contain_keystone_config('oslo_limit/auth_type').with_value('password') is_expected.to contain_keystone_config('oslo_limit/service_type').with_value('') is_expected.to contain_keystone_config('oslo_limit/valid_interfaces').with_value('') @@ -43,6 +43,7 @@ describe 'oslo::limit' do context 'with parameters overridden' do let :params do required_params.merge!({ + :project_name => 'services', :user_domain_name => 'UserDomain', :project_domain_name => 'ProjectDomain', :auth_type => 'v3password', @@ -54,8 +55,10 @@ describe 'oslo::limit' do end it 'configures the overridden values' do + is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('services') is_expected.to contain_keystone_config('oslo_limit/user_domain_name').with_value('UserDomain') is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('ProjectDomain') + is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('') is_expected.to contain_keystone_config('oslo_limit/auth_type').with_value('v3password') is_expected.to contain_keystone_config('oslo_limit/service_type').with_value('identity') is_expected.to contain_keystone_config('oslo_limit/valid_interfaces').with_value('admin,internal') @@ -63,6 +66,21 @@ describe 'oslo::limit' do is_expected.to contain_keystone_config('oslo_limit/endpoint_override').with_value('http://localhost:5000') end end + + context 'with system_scope' do + let :params do + required_params.merge!({ + :project_name => 'services', + :system_scope => 'all', + }) + end + + it 'configures system_scope but ignore project parameters' do + is_expected.to contain_keystone_config('oslo_limit/project_name').with_value('') + is_expected.to contain_keystone_config('oslo_limit/project_domain_name').with_value('') + is_expected.to contain_keystone_config('oslo_limit/system_scope').with_value('all') + end + end end on_supported_os({