openstack/puppet-zaqar
Code Issues Proposed changes
1035997c1b
puppet-zaqar/spec/classes/zaqar_keystone_authtoken_spec.rb
Takashi Kajinami fe7da441a6 Accept system scope credentials for Keystone API request 
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I2a54b0d0c03a98b3fe7a3a4a28051247eea7e70a
2022-01-03 15:28:31 +09:00

171 lines
7.7 KiB
Ruby
Raw Blame History

require 'spec_helper'
describe 'zaqar::keystone::authtoken' do
let :params do
{ :password => 'zaqar_password', }
end
shared_examples 'zaqar::keystone::authtoken' do
context 'with default parameters' do
it 'configure keystone_authtoken' do
is_expected.to contain_keystone__resource__authtoken('zaqar_config').with(
:username => 'zaqar',
:password => 'zaqar_password',
:auth_url => 'http://localhost:5000',
:project_name => 'services',
:user_domain_name => 'Default',
:project_domain_name => 'Default',
:system_scope => '<SERVICE DEFAULT>',
:insecure => '<SERVICE DEFAULT>',
:auth_section => '<SERVICE DEFAULT>',
:auth_type => 'password',
:www_authenticate_uri => 'http://localhost:5000',
:auth_version => '<SERVICE DEFAULT>',
:cache => '<SERVICE DEFAULT>',
:cafile => '<SERVICE DEFAULT>',
:certfile => '<SERVICE DEFAULT>',
:delay_auth_decision => '<SERVICE DEFAULT>',
:enforce_token_bind => '<SERVICE DEFAULT>',
:http_connect_timeout => '<SERVICE DEFAULT>',
:http_request_max_retries => '<SERVICE DEFAULT>',
:include_service_catalog => '<SERVICE DEFAULT>',
:keyfile => '<SERVICE DEFAULT>',
:memcache_pool_conn_get_timeout => '<SERVICE DEFAULT>',
:memcache_pool_dead_retry => '<SERVICE DEFAULT>',
:memcache_pool_maxsize => '<SERVICE DEFAULT>',
:memcache_pool_socket_timeout => '<SERVICE DEFAULT>',
:memcache_pool_unused_timeout => '<SERVICE DEFAULT>',
:memcache_secret_key => '<SERVICE DEFAULT>',
:memcache_security_strategy => '<SERVICE DEFAULT>',
:memcache_use_advanced_pool => '<SERVICE DEFAULT>',
:memcached_servers => '<SERVICE DEFAULT>',
:manage_memcache_package => false,
:region_name => '<SERVICE DEFAULT>',
:token_cache_time => '<SERVICE DEFAULT>',
:service_token_roles => '<SERVICE DEFAULT>',
:service_token_roles_required => '<SERVICE DEFAULT>',
:service_type => '<SERVICE DEFAULT>',
:interface => '<SERVICE DEFAULT>',
)
end
end
context 'when overriding parameters' do
before do
params.merge!({
:www_authenticate_uri => 'https://10.0.0.1:9999/',
:username => 'myuser',
:password => 'mypasswd',
:auth_url => 'http://127.0.0.1:5000',
:project_name => 'service_project',
:user_domain_name => 'domainX',
:project_domain_name => 'domainX',
:system_scope => 'all',
:insecure => false,
:auth_section => 'new_section',
:auth_type => 'password',
:auth_version => 'v3',
:cache => 'somevalue',
:cafile => '/opt/stack/data/cafile.pem',
:certfile => 'certfile.crt',
:delay_auth_decision => false,
:enforce_token_bind => 'permissive',
:http_connect_timeout => '300',
:http_request_max_retries => '3',
:include_service_catalog => true,
:keyfile => 'keyfile',
:memcache_pool_conn_get_timeout => '9',
:memcache_pool_dead_retry => '302',
:memcache_pool_maxsize => '11',
:memcache_pool_socket_timeout => '2',
:memcache_pool_unused_timeout => '61',
:memcache_secret_key => 'secret_key',
:memcache_security_strategy => 'ENCRYPT',
:memcache_use_advanced_pool => true,
:memcached_servers => ['memcached01:11211','memcached02:11211'],
:manage_memcache_package => true,
:region_name => 'region2',
:token_cache_time => '301',
:service_token_roles => ['service'],
:service_token_roles_required => false,
:service_type => 'identity',
:interface => 'internal',
})
end
it 'configure keystone_authtoken' do
is_expected.to contain_keystone__resource__authtoken('zaqar_config').with(
:www_authenticate_uri => 'https://10.0.0.1:9999/',
:username => 'myuser',
:password => 'mypasswd',
:auth_url => 'http://127.0.0.1:5000',
:project_name => 'service_project',
:user_domain_name => 'domainX',
:project_domain_name => 'domainX',
:system_scope => 'all',
:insecure => false,
:auth_section => 'new_section',
:auth_type => 'password',
:auth_version => 'v3',
:cache => 'somevalue',
:cafile => '/opt/stack/data/cafile.pem',
:certfile => 'certfile.crt',
:delay_auth_decision => false,
:enforce_token_bind => 'permissive',
:http_connect_timeout => '300',
:http_request_max_retries => '3',
:include_service_catalog => true,
:keyfile => 'keyfile',
:memcache_pool_conn_get_timeout => '9',
:memcache_pool_dead_retry => '302',
:memcache_pool_maxsize => '11',
:memcache_pool_socket_timeout => '2',
:memcache_pool_unused_timeout => '61',
:memcache_secret_key => 'secret_key',
:memcache_security_strategy => 'ENCRYPT',
:memcache_use_advanced_pool => true,
:memcached_servers => ['memcached01:11211','memcached02:11211'],
:manage_memcache_package => true,
:region_name => 'region2',
:token_cache_time => '301',
:service_token_roles => ['service'],
:service_token_roles_required => false,
:service_type => 'identity',
:interface => 'internal',
)
end
end
context 'when overriding parameters via params hash' do
before do
params.merge!({
:username => 'myuser',
:params => { 'username' => 'myotheruser' },
})
end
it 'configure keystone_authtoken' do
is_expected.to contain_keystone__resource__authtoken('zaqar_config').with(
:username => 'myotheruser',
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_configures 'zaqar::keystone::authtoken'
end
end
end
View Git Blame Copy Permalink