introduce trove::keystone::auth class

2014-05-30 18:04:09 +02:00 · 2014-05-30 18:04:09 +02:00 · 2f4abc06c4
commit 2f4abc06c4
parent 2de1f7cacb
4 changed files with 234 additions and 0 deletions
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@ -0,0 +1,121 @@
+#
+# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
+#
+# Author: Emilien Macchi <emilien.macchi@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# trove::keystone::auth
+#
+# Configures Trove user, service and endpoint in Keystone.
+#
+# === Parameters
+#
+# [*password*]
+#   (required) Password for Neutron user.
+#
+# [*auth_name*]
+#   Username for Neutron service. Defaults to 'trove'.
+#
+# [*email*]
+#   Email for Neutron user. Defaults to 'trove@localhost'.
+#
+# [*tenant*]
+#   Tenant for Neutron user. Defaults to 'services'.
+#
+# [*configure_endpoint*]
+#   Should Neutron endpoint be configured? Defaults to 'true'.
+#
+# [*service_type*]
+#   Type of service. Defaults to 'network'.
+#
+# [*public_protocol*]
+#   Protocol for public endpoint. Defaults to 'http'.
+#
+# [*public_address*]
+#   Public address for endpoint. Defaults to '127.0.0.1'.
+#
+# [*admin_protocol*]
+#   Protocol for admin endpoint. Defaults to 'http'.
+#
+# [*admin_address*]
+#   Admin address for endpoint. Defaults to '127.0.0.1'.
+#
+# [*internal_protocol*]
+#   Protocol for internal endpoint. Defaults to 'http'.
+#
+# [*internal_address*]
+#   Internal address for endpoint. Defaults to '127.0.0.1'.
+#
+# [*port*]
+#   Port for endpoint. Defaults to '8779'.
+#
+# [*public_port*]
+#   Port for public endpoint. Defaults to $port.
+#
+# [*region*]
+#   Region for endpoint. Defaults to 'RegionOne'.
+#
+class trove::keystone::auth (
+  $password,
+  $auth_name          = 'trove',
+  $email              = 'trove@localhost',
+  $tenant             = 'services',
+  $configure_endpoint = true,
+  $service_type       = 'network',
+  $public_protocol    = 'http',
+  $public_address     = '127.0.0.1',
+  $admin_protocol     = 'http',
+  $admin_address      = '127.0.0.1',
+  $internal_protocol  = 'http',
+  $internal_address   = '127.0.0.1',
+  $port               = '9696',
+  $public_port        = undef,
+  $region             = 'RegionOne'
+) {
+
+  Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'trove-server' |>
+  Keystone_endpoint["${region}/${auth_name}"]  ~> Service <| name == 'trove-server' |>
+
+  if ! $public_port {
+    $real_public_port = $port
+  } else {
+    $real_public_port = $public_port
+  }
+
+  keystone_user { $auth_name:
+    ensure   => present,
+    password => $password,
+    email    => $email,
+    tenant   => $tenant,
+  }
+  keystone_user_role { "${auth_name}@${tenant}":
+    ensure  => present,
+    roles   => 'admin',
+  }
+  keystone_service { $auth_name:
+    ensure      => present,
+    type        => $service_type,
+    description => 'Trove Database Service',
+  }
+
+  if $configure_endpoint {
+    keystone_endpoint { "${region}/${auth_name}":
+      ensure       => present,
+      public_url   => "${public_protocol}://${public_address}:${real_public_port}/v1.0/\$(tenant_id)s",
+      internal_url => "${internal_protocol}://${internal_address}:${port}/v1.0/\$(tenant_id)s",
+      admin_url    => "${admin_protocol}://${admin_address}:${port}/v1.0/\$(tenant_id)s",
+    }
+
+  }
+}
--- a/spec/classes/trove_keystone_auth_spec.rb
+++ b/spec/classes/trove_keystone_auth_spec.rb
@ -0,0 +1,101 @@
+#
+# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
+#
+# Author: Emilien Macchi <emilien.macchi@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for trove::keystone::auth
+#
+
+require 'spec_helper'
+
+describe 'trove::keystone::auth' do
+
+  let :facts do
+    { :osfamily => 'Debian' }
+  end
+
+  describe 'with default class parameters' do
+    let :params do
+      { :password => 'trove_password',
+        :tenant   => 'foobar' }
+    end
+
+    it { should contain_keystone_user('trove').with(
+      :ensure   => 'present',
+      :password => 'trove_password',
+      :tenant   => 'foobar'
+    ) }
+
+    it { should contain_keystone_user_role('trove@foobar').with(
+      :ensure  => 'present',
+      :roles   => 'admin'
+    )}
+
+    it { should contain_keystone_service('trove').with(
+      :ensure      => 'present',
+      :type        => 'database',
+      :description => 'Trove Database Service'
+    ) }
+
+    it { should contain_keystone_endpoint('RegionOne/trove').with(
+      :ensure       => 'present',
+      :public_url   => "http://127.0.0.1:8779/v1.0/\$(tenant_id)s",
+      :admin_url    => "http://127.0.0.1:8779/v1.0/\$(tenant_id)s",
+      :internal_url => "http://127.0.0.1:8779/v1.0/\$(tenant_id)s"
+    ) }
+  end
+
+  describe 'when configuring trove-server' do
+    let :pre_condition do
+      "class { 'trove::server': auth_password => 'test' }"
+    end
+
+    let :params do
+      { :password => 'trove_password',
+        :tenant   => 'foobar' }
+    end
+  end
+
+  describe 'when overriding public_protocol, public_port and public address' do
+    let :params do
+      { :password         => 'trove_password',
+        :public_protocol  => 'https',
+        :public_port      => '80',
+        :public_address   => '10.10.10.10',
+        :port             => '81',
+        :internal_address => '10.10.10.11',
+        :admin_address    => '10.10.10.12' }
+    end
+
+    it { should contain_keystone_endpoint('RegionOne/trove').with(
+      :ensure       => 'present',
+      :public_url   => "https://10.10.10.10:80/v1.0/\$(tenant_id)s",
+      :internal_url => "http://10.10.10.11:81/v1.0/\$(tenant_id)s",
+      :admin_url    => "http://10.10.10.12:81/v1.0/\$(tenant_id)s"
+    ) }
+  end
+
+  describe 'when overriding auth name' do
+    let :params do
+      { :password => 'foo',
+        :auth_name => 'trovey' }
+    end
+
+    it { should contain_keystone_user('trovey') }
+    it { should contain_keystone_user_role('trovey@services') }
+    it { should contain_keystone_service('trovey') }
+    it { should contain_keystone_endpoint('RegionOne/trovey') }
+  end
+end
--- a/spec/shared_examples.rb
+++ b/spec/shared_examples.rb
@ -0,0 +1,5 @@
+shared_examples_for "a Puppet::Error" do |description|
+  it "with message matching #{description.inspect}" do
+    expect { should have_class_count(1) }.to raise_error(Puppet::Error, description)
+  end
+end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -0,0 +1,7 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'shared_examples'
+
+RSpec.configure do |c|
+  c.alias_it_should_behave_like_to :it_configures, 'configures'
+  c.alias_it_should_behave_like_to :it_raises, 'raises'
+end