Browse Source

Merge "[train-squash] Backport tripleo-keystone-resources role" into stable/train

changes/20/706620/3
Zuul Gerrit Code Review 1 week ago
parent
commit
a12b4c4324
26 changed files with 1186 additions and 12 deletions
  1. +6
    -0
      doc/source/roles/role-tripleo-keystone-resources.rst
  2. +99
    -8
      tripleo_ansible/ansible_plugins/filter/helpers.py
  3. +29
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml
  4. +44
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/meta/main.yml
  5. +37
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile
  6. +15
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile.keystone
  7. +40
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/molecule.yml
  8. +51
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/playbook.yml
  9. +43
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/prepare.yml
  10. +93
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/start_keystone.sh
  11. +93
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/admin.yml
  12. +53
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/clouds.yml
  13. +37
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/domains.yml
  14. +40
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/endpoints.yml
  15. +20
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_new.yml
  16. +24
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_old.yml
  17. +21
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/loop-endpoints.yml
  18. +101
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml
  19. +38
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/projects.yml
  20. +37
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/roles.yml
  21. +39
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/services.yml
  22. +43
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_per_role.yml
  23. +22
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_roles.yml
  24. +40
    -0
      tripleo_ansible/roles/tripleo-keystone-resources/tasks/users.yml
  25. +111
    -4
      tripleo_ansible/tests/plugins/filter/test_helpers.py
  26. +10
    -0
      zuul.d/molecule.yaml

+ 6
- 0
doc/source/roles/role-tripleo-keystone-resources.rst View File

@@ -0,0 +1,6 @@
=================================
Role - tripleo-keystone-resources
=================================

.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo-keystone-resources

+ 99
- 8
tripleo_ansible/ansible_plugins/filter/helpers.py View File

@@ -37,7 +37,10 @@ class FilterModule(object):
'needs_delete': self.needs_delete,
'haskey': self.haskey,
'list_of_keys': self.list_of_keys,
'container_exec_cmd': self.container_exec_cmd
'container_exec_cmd': self.container_exec_cmd,
'get_key_from_dict': self.get_key_from_dict,
'get_role_assignments': self.get_role_assignments,
'get_domain_id': self.get_domain_id
}

def subsort(self, dict_to_sort, attribute, null_value=0):
@@ -157,11 +160,10 @@ class FilterModule(object):

return to_delete

def haskey(self, batched_container_data, attribute, value=None,
reverse=False, any=False):
"""Return container data with a specific config key.
def haskey(self, data, attribute, value=None, reverse=False, any=False):
"""Return dict data with a specific key.

This filter will take a list of dictionaries (batched_container_data)
This filter will take a list of dictionaries (data)
and will return the dictionnaries which have a certain key given
in parameter with 'attribute'.
If reverse is set to True, the returned list won't contain dictionaries
@@ -170,11 +172,11 @@ class FilterModule(object):
the list of values for "value" parameter which has to be a list.
"""
return_list = []
for container in batched_container_data:
for k, v in json.loads(json.dumps(container)).items():
for i in data:
for k, v in json.loads(json.dumps(i)).items():
if attribute in v and not reverse:
if value is None:
return_list.append({k: v})
return_list.append(i)
else:
if isinstance(value, list) and any:
if v[attribute] in value:
@@ -201,6 +203,39 @@ class FilterModule(object):
list_of_keys.append(k)
return list_of_keys

def get_key_from_dict(self, data, key, strict=False, default=None):
"""Return a list of unique values from a specific key from a dict.

This filter takes in input a list of dictionaries and for each of them
it will add the value of a specific key into returned_list and
returns it sorted. If the key has to be part of the dict, set strict to
True. A default can be set if the key doesn't exist but strict has to
be set to False.
"""
returned_list = []
for i in data.items():
value = i[1].get(key)
if value is None and not strict and default is not None:
value = default
if value is None:
if strict:
raise TypeError('Missing %s key in '
'%s' % (key, i[0]))
else:
continue
if isinstance(value, list):
for v in value:
if v not in returned_list:
returned_list.append(v)
elif isinstance(value, dict):
for k, v in value.items():
if v not in returned_list:
returned_list.append({k: v})
else:
if value not in returned_list:
returned_list.append(value)
return returned_list

def list_or_dict_arg(self, data, cmd, key, arg):
"""Utility to build a command and its argument with list or dict data.

@@ -235,3 +270,59 @@ class FilterModule(object):
self.list_or_dict_arg(data, cmd, 'environment', '--env')
cmd.extend(data['command'])
return cmd

def get_role_assignments(self, data, default_role='admin',
default_project='service'):
"""Return a dict of all roles and their users.

This filter takes in input the keystone resources data and
returns a dict where each key is a role and its users assigned.
If 'domain' or 'project' are specified, they are added to the user
entry; so the user will be assign to the domain or the project.
If no domain and no project are specified, default_project will be
used.
Note that domain and project are mutually exclusive in Keystone v3.
"""
returned_dict = {}
for d in data:
for k, v in d.items():
roles = v.get('roles', default_role)
domain = v.get('domain')
project = v.get('project')

if domain is not None and project is not None:
raise TypeError('domain and project need to be mutually '
'exclusive for user: %s' % k)

if isinstance(roles, list):
for r in roles:
if r not in returned_dict:
returned_dict[r] = []
if domain is not None:
returned_dict[r].append({k: {'domain': domain}})
elif project is not None:
returned_dict[r].append({k: {'project': project}})
else:
returned_dict[r].append({k: {'project':
default_project}})
else:
if roles not in returned_dict:
returned_dict[roles] = []
if domain is not None:
returned_dict[roles].append({k: {'domain': domain}})
elif project is not None:
returned_dict[roles].append({k: {'project': project}})
else:
returned_dict[roles].append({k: {'project':
default_project}})
return returned_dict

def get_domain_id(self, domain_name, all_domains):
"""Return the ID of a domain by its name.

This filter taks in input a domain name and a dictionary with all
domain informations.
"""
for d in all_domains:
if d.get('name') == domain_name:
return d.get('id')

+ 29
- 0
tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml View File

@@ -0,0 +1,29 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


# All variables intended for modification should be placed in this file.

# All variables within this role should have a prefix of "tripleo_keystone_resources"
tripleo_keystone_resources_cloud_name: openstack
tripleo_keystone_resources_cloud_config: {}
tripleo_keystone_resources_clouds_file_path: /etc/openstack/clouds.yaml
tripleo_keystone_resources_clouds_file_owner: root
tripleo_keystone_resources_clouds_file_group: root
tripleo_keystone_resources_clouds_file_mode: '0644'
tripleo_keystone_resources_catalog_config: {}
tripleo_keystone_resources_member_role_enabled: false
tripleo_keystone_resources_batch: 10

+ 44
- 0
tripleo_ansible/roles/tripleo-keystone-resources/meta/main.yml View File

@@ -0,0 +1,44 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-keystone-resources
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Fedora
versions:
- 28
- name: CentOS
versions:
- 7

galaxy_tags:
- tripleo


# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []

+ 37
- 0
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile View File

@@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi

{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}


CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 15
- 0
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile.keystone View File

@@ -0,0 +1,15 @@
FROM centos:7
LABEL maintainer="dev@cloudesire.com"

ENV OS_RELEASE=train

RUN yum clean all \
&& yum -y update \
&& yum -y install centos-release-openstack-${OS_RELEASE} \
&& yum -y install openstack-keystone openstack-utils python-openstackclient \
&& yum clean all

COPY start_keystone.sh /
EXPOSE 5000 35357

CMD ["/start_keystone.sh"]

+ 40
- 0
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/molecule.yml View File

@@ -0,0 +1,40 @@
---
driver:
name: docker

log: true

platforms:
- name: centos7
hostname: centos7
image: centos:7
dockerfile: Dockerfile
network_mode: host
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"

provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml

scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy

lint:
enabled: false

verifier:
name: testinfra
lint:
name: flake8

+ 51
- 0
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/playbook.yml View File

@@ -0,0 +1,51 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Converge
hosts: all
tasks:
- name: Create openstack directory
file:
path: /etc/openstack
state: directory
- name: Configure /etc/openstack/clouds.yaml
include_role:
name: tripleo-keystone-resources
tasks_from: clouds
vars:
tripleo_keystone_resources_cloud_name: openstack
tripleo_keystone_resources_cloud_config:
auth:
auth_url: http://localhost:5000/
project_name: "admin"
username: "admin"
password: "ADMIN_PASS"
project_domain_id: default
user_domain_id: default
identity_api_version: 3
region_name: RegionOne
- name: Create keystone admin resources
include_role:
name: tripleo-keystone-resources
tasks_from: admin
vars:
tripleo_keystone_resources_cloud_name: openstack
tripleo_keystone_resources_region: RegionOne
tripleo_keystone_resources_admin_password: "ADMIN_PASS"
tripleo_keystone_resources_admin_endpoint: "http://localhost:35357"
tripleo_keystone_resources_internal_endpoint: "http://localhost:5000"
tripleo_keystone_resources_public_endpoint: "http://localhost:5000"

+ 43
- 0
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/prepare.yml View File

@@ -0,0 +1,43 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- hosts: localhost
connection: local
tasks:

- name: Build keystone container
shell: docker build -t keystone-img -f Dockerfile.keystone .

- name: Run keystone container
shell: docker run -d -p 5000:5000 --name keystone-docker keystone-img

- name: Prepare
hosts: all
tasks:

- include_role:
name: test_deps
vars:
test_deps_setup_tripleo: true

- name: Instal pre packages
package:
name:
- python-setuptools
- python-openstacksdk
- python-openstackclient
- python-keystoneclient
- ansible

+ 93
- 0
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/start_keystone.sh View File

@@ -0,0 +1,93 @@
#!/bin/bash
set -x

### Openstack Keystone

: ${OS_RELEASE:=queens}
: ${IPADDR:=127.0.0.1}
# Identity service configuration
: ${OS_IDENTITY_URL_IPADDR:=$IPADDR}
: ${OS_IDENTITY_API_VERSION:=3}
: ${OS_IDENTITY_SERVICE_REGION:=RegionOne}
: ${OS_IDENTITY_SERVICE_NAME:=keystone}
: ${OS_IDENTITY_ADMIN_DOMAIN:=default}
: ${OS_IDENTITY_ADMIN_PROJECT:=admin}
: ${OS_IDENTITY_ADMIN_USERNAME:=admin}
: ${OS_IDENTITY_ADMIN_PASSWD:=ADMIN_PASS}
: ${OS_IDENTITY_ADMIN_ROLE:=admin}
: ${OS_IDENTITY_URL_ADMIN:=http://${IPADDR}:35357}
: ${OS_IDENTITY_URL_INTERNAL:=http://${IPADDR}:5000}
: ${OS_IDENTITY_URL_PUBLIC:=http://${IPADDR}:5000}
# Object store configuration
: ${OS_OBJECTSTORE_URL_IPADDR:=$IPADDR}
: ${OS_OBJECTSTORE_SERVICE_REGION:=RegionOne}
: ${OS_OBJECTSTORE_SERVICE_NAME:=openio-swift}
: ${OS_OBJECTSTORE_SERVICE_DESC:=OpenIO Swift Object Storage Service}
: ${OS_OBJECTSTORE_DOMAIN:=default}
: ${OS_OBJECTSTORE_PROJECT:=service}
: ${OS_OBJECTSTORE_USERNAME:=swift}
: ${OS_OBJECTSTORE_PASSWD:=SWIFT_PASS}
: ${OS_OBJECTSTORE_ROLE:=admin}
: ${OS_OBJECTSTORE_URL_ADMIN:=http://${IPADDR}:6007/v1}
: ${OS_OBJECTSTORE_URL_INTERNAL:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s}
: ${OS_OBJECTSTORE_URL_PUBLIC:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s}
# Demo user setup
: ${OS_USER_DEMO_DOMAIN:=default}
: ${OS_USER_DEMO_PROJECT:=demo}
: ${OS_USER_DEMO_USERNAME:=demo}
: ${OS_USER_DEMO_PASSWD:=DEMO_PASS}
: ${OS_USER_DEMO_ROLE:=admin}

echo '> Configuring Keystone ...'
# Set log to stderr for Docker
openstack-config --set /etc/keystone/keystone.conf DEFAULT use_stderr True
# Use a local sqlite database for demo purposes
openstack-config --set /etc/keystone/keystone.conf database connection 'sqlite:////var/lib/keystone/keystone.db'
keystone-manage credential_setup \
--keystone-user keystone \
--keystone-group keystone
keystone-manage fernet_setup \
--keystone-user keystone \
--keystone-group keystone
keystone-manage db_sync
keystone-manage bootstrap \
--bootstrap-project-name "$OS_IDENTITY_ADMIN_PROJECT" \
--bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \
--bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \
--bootstrap-password "$OS_IDENTITY_ADMIN_PASSWD" \
--bootstrap-role-name "$OS_IDENTITY_ADMIN_ROLE" \
--bootstrap-service-name "$OS_IDENTITY_SERVICE_NAME" \
--bootstrap-region-id "$OS_IDENTITY_SERVICE_REGION" \
--bootstrap-admin-url "$OS_IDENTITY_URL_ADMIN" \
--bootstrap-public-url "$OS_IDENTITY_URL_PUBLIC" \
--bootstrap-internal-url "$OS_IDENTITY_URL_INTERNAL"

# Using uwsgi for demo purposes
echo '> Starting Keystone admin service ...'
/usr/bin/keystone-wsgi-admin --port 35357 &


# Admin credentials
cat <<EOF >/keystone_adminrc
export OS_IDENTITY_API_VERSION="$OS_IDENTITY_API_VERSION"
#export OS_AUTH_URL="$OS_IDENTITY_URL_PUBLIC"
export OS_AUTH_URL="$OS_IDENTITY_URL_ADMIN"
export OS_USER_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN"
export OS_PROJECT_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN"
export OS_PROJECT_NAME="$OS_IDENTITY_ADMIN_PROJECT"
export OS_USERNAME="$OS_IDENTITY_ADMIN_USERNAME"
export OS_PASSWORD="$OS_IDENTITY_ADMIN_PASSWD"
EOF
source /keystone_adminrc

# Keystone policy
cat <<EOF >/etc/keystone/policy.json
{
"admin_or_owner": "role:admin or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"admin_api": "role:admin"
}
EOF

echo '> Starting Keystone public service ...'
/usr/bin/keystone-wsgi-public --port 5000

+ 93
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/admin.yml View File

@@ -0,0 +1,93 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Create default domain
os_keystone_domain:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: default

- name: Create admin and service projects
include_tasks: projects.yml
vars:
batched_tripleo_keystone_resources_projects:
- admin
- service

- name: Create admin role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: admin

- name: Create _member_ role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: _member_
when:
- keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)

- name: Create admin user
os_user:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: admin
password: "{{ tripleo_keystone_resources_admin_password }}"
email: "admin@localhost"
domain: default

- name: Assign admin role to admin project for admin user
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: admin
project: admin
role: admin

- name: Assign _member_ role to admin project for admin user
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: admin
project: admin
role: '_member_'
when:
- keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)

- name: Create identity service
os_keystone_service:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: keystone
service_type: identity

- name: Create identity public endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_public_endpoint }}"
endpoint_interface: public
region: "{{ tripleo_keystone_resources_region }}"

- name: Create identity internal endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_internal_endpoint }}"
endpoint_interface: internal
region: "{{ tripleo_keystone_resources_region }}"

- name: Create identity admin endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_admin_endpoint }}"
endpoint_interface: admin
region: "{{ tripleo_keystone_resources_region }}"

+ 53
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/clouds.yml View File

@@ -0,0 +1,53 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

- name: "Check if {{ tripleo_keystone_resources_clouds_file_path }} exists"
become: true
stat:
path: "{{ tripleo_keystone_resources_clouds_file_path }}"
register: attr_clouds

# This task is required or config_template will fail if the src file didn't exist
- name: "Create empty {{ tripleo_keystone_resources_clouds_file_path }} if it does not exist"
become: true
copy:
content: |-
---
clouds: {}
dest: "{{ tripleo_keystone_resources_clouds_file_path }}"
when:
- not attr_clouds.stat.exists

- name: "Configure {{ tripleo_keystone_resources_clouds_file_path }}"
include_role:
name: tripleo-config
vars:
tripleo_config_dest: "{{ tripleo_keystone_resources_clouds_file_path }}"
tripleo_config_group: "{{ tripleo_keystone_resources_clouds_file_group }}"
tripleo_config_mode: "{{ tripleo_keystone_resources_clouds_file_mode }}"
tripleo_config_overrides: |-
{% set cloud_config = {'clouds': {}} %}
{% set _ = cloud_config['clouds'].__setitem__(
tripleo_keystone_resources_cloud_name,
tripleo_keystone_resources_cloud_config
)
%}
{{ cloud_config }}
tripleo_config_owner: "{{ tripleo_keystone_resources_clouds_file_owner }}"
tripleo_config_remote_src: true
tripleo_config_src: "{{ tripleo_keystone_resources_clouds_file_path }}"
tripleo_config_type: yaml

+ 37
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/domains.yml View File

@@ -0,0 +1,37 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Async creation of Keystone domains
os_keystone_domain:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_domain }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_domain_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_domain

- name: Check Keystone domain status
async_status:
jid: "{{ tripleo_keystone_resources_domain_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_domain_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_domain_async_result_item"
register: tripleo_keystone_resources_domain_async_poll_results
until: tripleo_keystone_resources_domain_async_poll_results.finished
retries: 30

+ 40
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/endpoints.yml View File

@@ -0,0 +1,40 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: "Async creation of Keystone {{ keystone_endpoint_type }} endpoint"
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: "{{ tripleo_keystone_resources_data.key }}"
url: "{{ tripleo_keystone_resources_data['value']['endpoints'][keystone_endpoint_type] }}"
endpoint_interface: "{{ keystone_endpoint_type }}"
region: "{{ tripleo_keystone_resources_data.value.region }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_endpoint_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_data

- name: "Check Keystone {{ keystone_endpoint_type }} endpoint status"
async_status:
jid: "{{ tripleo_keystone_resources_endpoint_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_endpoint_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_endpoint_async_result_item"
register: tripleo_keystone_resources_endpoint_async_poll_results
until: tripleo_keystone_resources_endpoint_async_poll_results.finished
retries: 30

+ 20
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_new.yml View File

@@ -0,0 +1,20 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Collect OpenStack Keystone domains infos
os_keystone_domain_info:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
register: openstack_domains

+ 24
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_old.yml View File

@@ -0,0 +1,24 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
- name: Collect OpenStack Keystone domains facts
os_keystone_domain_facts:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
register: tripleo_domains_facts

- name: Create openstack_domains fact
set_fact:
openstack_domains: "{{ tripleo_domains_facts['ansible_facts']['openstack_domains'] }}"

+ 21
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/loop-endpoints.yml View File

@@ -0,0 +1,21 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: "Create Keystone {{ keystone_endpoint_type }} endpoints"
include_tasks: endpoints.yml
loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='endpoints') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data

+ 101
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml View File

@@ -0,0 +1,101 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


# "tripleo-keystone-resources" will search for and load any operating system variable file

# found within the "vars/" path. If no OS files are found the task will skip.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- skip: true
files:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always

- name: Create Keystone Admin resources
include_tasks: admin.yml

- name: Create Keystone Projects
include_tasks: projects.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='project', default='service') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_projects

- name: Create Keystone Domains
include_tasks: domains.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='domains') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data

# We need to gather domains so later we can convert a domain name into a domain ID.
# This is needed because os_user_role doesn't do the conversion yet in the version
# of Ansible that we use. This block will disappear once we use the new modules
# from OpenStack collections.
# In recents version of Ansible, this module was renamed to os_keystone_domain_info.
# Which is why we don't use the same module to gather domains infos.
- name: Gather all OpenStack domains for Ansible < 2.9.2
include_tasks: gather_domains_old.yml
# See https://github.com/ansible/ansible/commit/c91929b2b302b37af22d785641a7fe704003662a
when:
- ansible_version.full is version_compare('2.9.2', '<')

- name: Gather all OpenStack domains for Ansible >= 2.9.2
include_tasks: gather_domains_new.yml
# See https://github.com/ansible/ansible/commit/c91929b2b302b37af22d785641a7fe704003662a
when:
- ansible_version.full is version_compare('2.9.2', '>=')

- name: Create Keystone Services
include_tasks: services.yml
loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='service') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data

- name: Create Keystone Endpoints
include_tasks: loop-endpoints.yml
loop:
- public
- admin
- internal
loop_control:
loop_var: keystone_endpoint_type

- name: Create Keystone Roles
include_tasks: roles.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='roles', default='service') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_roles

- name: "Create Keystone Users"
include_tasks: users.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data

- name: "Assign Keystone Users to Roles"
include_tasks: user_roles.yml
loop: >-
{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') |
get_role_assignments(default_project=tripleo_keystone_resources_service_project) | dict2items }}
loop_control:
loop_var: batched_tripleo_keystone_resources_roles_data

+ 38
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/projects.yml View File

@@ -0,0 +1,38 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Async creation of Keystone project
os_project:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_project }}"
domain_id: default
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_project_results
loop: "{{ batched_tripleo_keystone_resources_projects }}"
loop_control:
loop_var: tripleo_keystone_resources_project

- name: Check Keystone project status
async_status:
jid: "{{ tripleo_keystone_resources_project_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_project_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_project_async_result_item"
register: tripleo_keystone_resources_project_async_poll_results
until: tripleo_keystone_resources_project_async_poll_results.finished
retries: 30

+ 37
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/roles.yml View File

@@ -0,0 +1,37 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Async creation of Keystone role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_role }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_role_results
loop: "{{ batched_tripleo_keystone_resources_roles }}"
loop_control:
loop_var: tripleo_keystone_resources_role

- name: Check Keystone role status
async_status:
jid: "{{ tripleo_keystone_resources_role_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_role_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_role_async_result_item"
register: tripleo_keystone_resources_role_async_poll_results
until: tripleo_keystone_resources_role_async_poll_results.finished
retries: 30

+ 39
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/services.yml View File

@@ -0,0 +1,39 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Async creation of Keystone service
os_keystone_service:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_data.key }}"
service_type: "{{ tripleo_keystone_resources_data.value.service }}"
description: "OpenStack {{ tripleo_keystone_resources_data.value.service | title() }} Service"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_service_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_data

- name: Check Keystone service status
async_status:
jid: "{{ tripleo_keystone_resources_service_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_service_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_service_async_result_item"
register: tripleo_keystone_resources_service_async_poll_results
until: tripleo_keystone_resources_service_async_poll_results.finished
retries: 30

+ 43
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_per_role.yml View File

@@ -0,0 +1,43 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: "Async assignment of Keystone user to roles"
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: "{{ lookup('dict', tripleo_keystone_resources_data_user).key }}"
project: "{{ lookup('dict', tripleo_keystone_resources_data_user).value.project | default(omit) }}"
# TODO(emilien) remove the custom filter once the module moved to OpenStack collections and we can make changes
domain: >-
{{ lookup('dict', tripleo_keystone_resources_data_user).value.domain | default(omit) |
get_domain_id(all_domains=openstack_domains) | default(omit) }}
role: "{{ batched_tripleo_keystone_resources_roles_data.key }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_user_role_results
loop: "{{ tripleo_keystone_resources_data_users }}"
loop_control:
loop_var: tripleo_keystone_resources_data_user

- name: "Check Keystone user assignment to roles status"
async_status:
jid: "{{ tripleo_keystone_resources_user_role_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_user_role_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_user_role_async_result_item"
register: tripleo_keystone_resources_user_role_async_poll_results
until: tripleo_keystone_resources_user_role_async_poll_results.finished
retries: 30

+ 22
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_roles.yml View File

@@ -0,0 +1,22 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: "Async assignment of Keystone user per role"
include_tasks: user_per_role.yml
# This loop is required as a user can have multiple roles but the os_user_role doesn't handle it.
loop: "{{ batched_tripleo_keystone_resources_roles_data.value | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: tripleo_keystone_resources_data_users

+ 40
- 0
tripleo_ansible/roles/tripleo-keystone-resources/tasks/users.yml View File

@@ -0,0 +1,40 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: "Async creation of Keystone user"
os_user:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ lookup('dict', tripleo_keystone_resources_data).key }}"
password: "{{ lookup('dict', tripleo_keystone_resources_data).value.password }}"
email: "{{ lookup('dict', tripleo_keystone_resources_data).key }}@localhost"
domain: "{{ lookup('dict', tripleo_keystone_resources_data).value.domain | default('default') }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_user_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_data

- name: "Check Keystone user status"
async_status:
jid: "{{ tripleo_keystone_resources_user_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_user_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_user_async_result_item"
register: tripleo_keystone_resources_user_async_poll_results
until: tripleo_keystone_resources_user_async_poll_results.finished
retries: 30

+ 111
- 4
tripleo_ansible/tests/plugins/filter/test_helpers.py View File

@@ -196,7 +196,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart', value='always')
self.assertEqual(result, expected_list)

@@ -224,7 +224,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart',
value='always',
reverse=True)
@@ -255,7 +255,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart',
any=True)
self.assertEqual(result, expected_list)
@@ -284,7 +284,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart',
reverse=True,
any=True)
@@ -397,6 +397,68 @@ class TestHelperFilters(tests_base.TestCase):
config_id='tripleo_step1')
self.assertEqual(result, expected_list)

def test_get_key_from_dict(self):
data = {
'nova_api': {
'project': 'service1'
},
'glance_api': {
'project': 'service1'
},
'heat_api': {
'user': 'heat'
},
'cinder_api': {
'project': 'service2'
}
}
expected_list = ['service1', 'service3', 'service2']
result = self.filters.get_key_from_dict(data, key='project',
default='service3')
self.assertEqual(result, expected_list)

def test_get_key_from_dict_with_list_input(self):
data = {
'nova_api': {
'roles': ['service', 'admin']
},
'glance_api': {
'roles': 'service1'
},
'heat_api': {
'user': 'heat'
},
'cinder_api': {
'project': 'service2',
'roles': ['service', 'service4']
}
}
expected_list = ['service', 'admin', 'service1', 'service4']
result = self.filters.get_key_from_dict(data, key='roles',
default='service')
self.assertEqual(result, expected_list)

def test_get_key_from_dict_with_dict_input(self):
data = {
'nova_api': {
'users': {'nova': {'password': 'secret',
'roles': ['foo', 'bar']}},
},
'glance_api': {
'roles': 'service1'
},
'heat_api': {
'user': 'heat'
},
'cinder_api': {
'project': 'service2'
}
}
expected_list = [{'nova': {'password': 'secret', 'roles':
['foo', 'bar']}}]
result = self.filters.get_key_from_dict(data, key='users')
self.assertEqual(result, expected_list)

def test_container_exec_cmd(self):
data = {
"action": "exec",
@@ -421,3 +483,48 @@ class TestHelperFilters(tests_base.TestCase):
'keystone', 'keystone-manage', 'bootstrap']
result = self.filters.container_exec_cmd(data=data)
self.assertEqual(result, expected_cmd)

def test_get_role_assignments(self):
data = [{
'nova': {
'roles': ['service', 'admin'],
},
'glance': {
'roles': 'service1',
'user': 'glance'
},
'cinder': {
'project': 'service2'
},
'heat': {
'domain': 'heat_domain'
}
}]
expected_hash = {
'admin': [{'nova': {'project': 'service'}},
{'cinder': {'project': 'service2'}},
{'heat': {'domain': 'heat_domain'}}
],
'service': [{'nova': {'project': 'service'}}],
'service1': [{'glance': {'project': 'service'}}]
}
result = self.filters.get_role_assignments(data)
self.assertEqual(result, expected_hash)

def test_get_domain_id(self):
openstack_domains = [
{
"description": "The default domain",
"enabled": "true",
"id": "default",
"name": "Default"
},
{
"description": "The heat stack domain",
"enabled": "true",
"id": "fd85b560d4554fd8bf363728e4a3863e",
"name": "heat_stack"
}
]
result = self.filters.get_domain_id('heat_stack', openstack_domains)
self.assertEqual(result, 'fd85b560d4554fd8bf363728e4a3863e')

+ 10
- 0
zuul.d/molecule.yaml View File

@@ -40,6 +40,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-hosts-entries
- tripleo-ansible-centos-7-molecule-tripleo-container-manage
- tripleo-ansible-centos-7-molecule-tripleo-modules
- tripleo-ansible-centos-7-molecule-tripleo-keystone-resources
gate:
jobs:
- tripleo-ansible-centos-7-molecule-aide
@@ -80,6 +81,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-hosts-entries
- tripleo-ansible-centos-7-molecule-tripleo-container-manage
- tripleo-ansible-centos-7-molecule-tripleo-modules
- tripleo-ansible-centos-7-molecule-tripleo-keystone-resources
name: tripleo-ansible-molecule-jobs
- job:
files:
@@ -357,3 +359,11 @@
- ^molecule-requirements.txt
name: tripleo-ansible-centos-7-molecule-tripleo-modules
parent: tripleo-ansible-centos-7-base

- job:
files:
- ^tripleo_ansible/roles/tripleo-keystone-resources/.*
name: tripleo-ansible-centos-7-molecule-tripleo-keystone-resources
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-keystone-resources

Loading…
Cancel
Save