Make keystone user/role options configurable

Remove hardcode for configure_user(_role) parameter.

Change-Id: I15a9fa7f56552b63d62377d60a03d3857977872a
Related-Bug: #1527517

manifests/keystone/auth.pp

@@ -39,6 +39,14 @@
 #   (optional) Whether to create the S3 endpoint.
 #   Defaults to true
 #
+# [*configure_user*]
+#   (Optional) Whether to create the service user.
+#   Defaults to 'true'.
+#
+# [*configure_user_role*]
+#   (Optional) Whether to configure the admin role for the service user.
+#   Defaults to 'true'.
+#
 # [*service_name*]
 #   (optional) Name of the service.
 #   Defaults to the value of auth_name, but must differ from the value
@@ -155,6 +163,8 @@ class swift::keystone::auth(
   $service_description_s3 = 'Openstack S3 Service',
   $configure_endpoint     = true,
   $configure_s3_endpoint  = true,
+  $configure_user         = true,
+  $configure_user_role    = true,
   $public_url             = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
   $admin_url              = 'http://127.0.0.1:8080',
   $internal_url           = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
@@ -274,6 +284,8 @@ class swift::keystone::auth(
 
   keystone::resource::service_identity { 'swift':
     configure_endpoint  => $configure_endpoint,
+    configure_user      => $configure_user,
+    configure_user_role => $configure_user_role,
     service_name        => $real_service_name,
     service_type        => 'object-store',
     service_description => $service_description,
@@ -307,6 +319,8 @@ class swift::keystone::auth(
   }
 
   # Backward compatibility
+  if $configure_user {
     Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
+  }
 
 }

spec/classes/swift_keystone_auth_spec.rb

@@ -135,6 +135,7 @@ describe 'swift::keystone::auth' do
       default_params.merge( params )
     end
 
+    context 'when user configuration is set to default' do
       it { is_expected.to contain_keystone_user(p[:auth_name]).with(
         :ensure   => 'present',
         :password => p[:password],
@@ -159,6 +160,40 @@ describe 'swift::keystone::auth' do
       )}
     end
 
+    context 'when user configuration is disabled' do
+      before do
+        params.merge!( :configure_user => false )
+      end
+
+      it { is_expected.to_not contain_keystone_user(p[:auth_name]) }
+      it { is_expected.to contain_keystone_user_role("#{p[:auth_name]}@#{p[:tenant]}") }
+
+      it { is_expected.to contain_keystone_service("#{p[:auth_name]}::object-store").with(
+        :ensure       => 'present',
+        :type         => 'object-store',
+        :description  => 'Openstack Object-Store Service'
+        )}
+    end
+
+    context 'when disabling user and role configuration' do
+      before do
+        params.merge!(
+          :configure_user       => false,
+          :configure_user_role  => false
+        )
+      end
+
+        it { is_expected.to_not contain_keystone_user(p[:auth_name]) }
+        it { is_expected.to_not contain_keystone_user_role("#{p[:auth_name]}@#{p[:tenant]}") }
+
+        it { is_expected.to contain_keystone_service("#{p[:auth_name]}::object-store").with(
+          :ensure       => 'present',
+          :type         => 'object-store',
+          :description  => 'Openstack Object-Store Service'
+        )}
+     end
+  end
+
   context 'on Debian platforms' do
     let :facts do
       { :osfamily => 'Debian' }