Make keystone user/role options configurable

Remove hardcode for configure_user(_role) parameter. Change-Id: I15a9fa7f56552b63d62377d60a03d3857977872a Related-Bug: #1527517
2016-01-19 16:59:01 +02:00
parent 908dca10f2
commit 665557f485
2 changed files with 69 additions and 20 deletions
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -39,6 +39,14 @@
 #   (optional) Whether to create the S3 endpoint.
 #   Defaults to true
 #
+# [*configure_user*]
+#   (Optional) Whether to create the service user.
+#   Defaults to 'true'.
+#
+# [*configure_user_role*]
+#   (Optional) Whether to configure the admin role for the service user.
+#   Defaults to 'true'.
+#
 # [*service_name*]
 #   (optional) Name of the service.
 #   Defaults to the value of auth_name, but must differ from the value
@@ -155,6 +163,8 @@ class swift::keystone::auth(
  $service_description_s3 = 'Openstack S3 Service',
  $configure_endpoint     = true,
  $configure_s3_endpoint  = true,
+  $configure_user         = true,
+  $configure_user_role    = true,
  $public_url             = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
  $admin_url              = 'http://127.0.0.1:8080',
  $internal_url           = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
@@ -274,6 +284,8 @@ class swift::keystone::auth(

  keystone::resource::service_identity { 'swift':
    configure_endpoint  => $configure_endpoint,
+    configure_user      => $configure_user,
+    configure_user_role => $configure_user_role,
    service_name        => $real_service_name,
    service_type        => 'object-store',
    service_description => $service_description,
@@ -307,6 +319,8 @@ class swift::keystone::auth(
  }

  # Backward compatibility
-  Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
+  if $configure_user {
+    Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
+  }

 }
--- a/spec/classes/swift_keystone_auth_spec.rb
+++ b/spec/classes/swift_keystone_auth_spec.rb
@@ -135,28 +135,63 @@ describe 'swift::keystone::auth' do
      default_params.merge( params )
    end

-    it { is_expected.to contain_keystone_user(p[:auth_name]).with(
-      :ensure   => 'present',
-      :password => p[:password],
-      :email    => p[:email]
-    )}
+    context 'when user configuration is set to default' do
+      it { is_expected.to contain_keystone_user(p[:auth_name]).with(
+        :ensure   => 'present',
+        :password => p[:password],
+        :email    => p[:email]
+      )}

-    it { is_expected.to contain_keystone_user_role("#{p[:auth_name]}@#{p[:tenant]}").with(
-      :ensure  => 'present',
-      :roles   => ['admin'],
-    )}
+      it { is_expected.to contain_keystone_user_role("#{p[:auth_name]}@#{p[:tenant]}").with(
+        :ensure  => 'present',
+        :roles   => ['admin'],
+      )}

-    it { is_expected.to contain_keystone_service("#{p[:auth_name]}::object-store").with(
-      :ensure      => 'present',
-      :type        => 'object-store',
-      :description => 'Openstack Object-Store Service'
-    )}
+      it { is_expected.to contain_keystone_service("#{p[:auth_name]}::object-store").with(
+        :ensure      => 'present',
+        :type        => 'object-store',
+        :description => 'Openstack Object-Store Service'
+      )}

-    it { is_expected.to contain_keystone_service("#{p[:auth_name]}_s3::s3").with(
-    :ensure      => 'present',
-    :type        => 's3',
-    :description => 'Openstack S3 Service'
-    )}
+      it { is_expected.to contain_keystone_service("#{p[:auth_name]}_s3::s3").with(
+        :ensure      => 'present',
+        :type        => 's3',
+        :description => 'Openstack S3 Service'
+      )}
+    end
+
+    context 'when user configuration is disabled' do
+      before do
+        params.merge!( :configure_user => false )
+      end
+
+      it { is_expected.to_not contain_keystone_user(p[:auth_name]) }
+      it { is_expected.to contain_keystone_user_role("#{p[:auth_name]}@#{p[:tenant]}") }
+
+      it { is_expected.to contain_keystone_service("#{p[:auth_name]}::object-store").with(
+        :ensure       => 'present',
+        :type         => 'object-store',
+        :description  => 'Openstack Object-Store Service'
+        )}
+    end
+
+    context 'when disabling user and role configuration' do
+      before do
+        params.merge!(
+          :configure_user       => false,
+          :configure_user_role  => false
+        )
+      end
+
+        it { is_expected.to_not contain_keystone_user(p[:auth_name]) }
+        it { is_expected.to_not contain_keystone_user_role("#{p[:auth_name]}@#{p[:tenant]}") }
+
+        it { is_expected.to contain_keystone_service("#{p[:auth_name]}::object-store").with(
+          :ensure       => 'present',
+          :type         => 'object-store',
+          :description  => 'Openstack Object-Store Service'
+        )}
+     end
  end

  context 'on Debian platforms' do