openstack/puppet-tempest
Code Issues Proposed changes

Support [barbican_rbac_scope_verification] enforce_scope

Browse Source 
barbican-tempest-plugin provides the option to enforce scope check in
policy.

Change-Id: I7aef09121dd5dafee4a6e259fcf0406934fbcbc8
This commit is contained in:
Takashi Kajinami 2023-11-30 22:16:41 +09:00
parent d39407a85e
commit c9ef36444a
3 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/init.pp
View File

@ -187,6 +187,8 @@
# Defaults to false # Defaults to false
# [*manila_available*] # [*manila_available*]
# Defaults to false # Defaults to false
# [*barbican_enforce_scope*]
# Defaults to $facts['os_service_default']
# [*cinder_enforce_scope*] # [*cinder_enforce_scope*]
# Defaults to $facts['os_service_default'] # Defaults to $facts['os_service_default']
# [*glance_enforce_scope*] # [*glance_enforce_scope*]
@ -439,6 +441,7 @@ class tempest(
Boolean $octavia_available = false, Boolean $octavia_available = false,
Boolean $barbican_available = false, Boolean $barbican_available = false,
Boolean $manila_available = false, Boolean $manila_available = false,
$barbican_enforce_scope = $facts['os_service_default'],
$cinder_enforce_scope = $facts['os_service_default'], $cinder_enforce_scope = $facts['os_service_default'],
$glance_enforce_scope = $facts['os_service_default'], $glance_enforce_scope = $facts['os_service_default'],
$keystone_enforce_scope = $facts['os_service_default'], $keystone_enforce_scope = $facts['os_service_default'],
@ -668,6 +671,7 @@ class tempest(
'service_available/zaqar': value => $zaqar_available; 'service_available/zaqar': value => $zaqar_available;
'service_available/ec2api': value => $ec2api_available; 'service_available/ec2api': value => $ec2api_available;
'service_available/octavia': value => $octavia_available; 'service_available/octavia': value => $octavia_available;
'barbican_rbac_scope_verification/enforce_scope': value => $barbican_enforce_scope;
'enforce_scope/cinder': value => $cinder_enforce_scope; 'enforce_scope/cinder': value => $cinder_enforce_scope;
'enforce_scope/designate': value => $designate_enforce_scope; 'enforce_scope/designate': value => $designate_enforce_scope;
'enforce_scope/glance': value => $glance_enforce_scope; 'enforce_scope/glance': value => $glance_enforce_scope;

4
releasenotes/notes/barbican-enforce-scope-66401dc152628330.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- |
The new ``tempest::barbican_enforce_scope`` parameter has been added.

1
spec/classes/tempest_init_spec.rb
View File

@ -318,6 +318,7 @@ describe 'tempest' do
is_expected.to contain_tempest_config('service_available/octavia').with(:value => false) is_expected.to contain_tempest_config('service_available/octavia').with(:value => false)
is_expected.to contain_tempest_config('service_available/barbican').with(:value => false) is_expected.to contain_tempest_config('service_available/barbican').with(:value => false)
is_expected.to contain_tempest_config('service_available/manila').with(:value => false) is_expected.to contain_tempest_config('service_available/manila').with(:value => false)
is_expected.to contain_tempest_config('barbican_rbac_scope_verification/enforce_scope').with(:value => '<SERVICE DEFAULT>')
is_expected.to contain_tempest_config('enforce_scope/cinder').with(:value => '<SERVICE DEFAULT>') is_expected.to contain_tempest_config('enforce_scope/cinder').with(:value => '<SERVICE DEFAULT>')
is_expected.to contain_tempest_config('enforce_scope/glance').with(:value => '<SERVICE DEFAULT>') is_expected.to contain_tempest_config('enforce_scope/glance').with(:value => '<SERVICE DEFAULT>')
is_expected.to contain_tempest_config('enforce_scope/keystone').with(:value => '<SERVICE DEFAULT>') is_expected.to contain_tempest_config('enforce_scope/keystone').with(:value => '<SERVICE DEFAULT>')