openstack
/
tripleo-ansible
Code Issues Proposed changes

[train-squash] Backport tripleo-keystone-resources role 

The role has proven to be stable and made the deployment a bit faster
since it's only taking a minute to create all Keystone resources with
Ansible vs more than 8 minutes with Puppet. This effort is worth a
backport to stable/train.

Introduce tripleo-keystone-resources role

This role will manage Keystone resources, like
/etc/openstack/clouds.yaml, Keystone endpoints/users/roles/etc and
everything that was managed by Puppet before regarding Keystone.

Management of Keystone resources for each OpenStack service:
- services
- projects
- endpoints
- roles
- users and their assignment to roles
- admin resources

It's using batch + async so it runs faster than with Puppet where it
calls openstack client for each resource. Here it's using the python
openstacksdk with concurrency.

Change-Id: Ib9615c55d0fb4ea71208d74c5ee22594db52f46a
(cherry picked from commit 566bcf66ce)

Update override for keystone resources

The existing override was double quoting the override options which would
lead the config generator to double quote keys in the rendered data. This
change modifies the override data to make it use a jinja data structure
which will ensure we're not having to deal with quoting issues.

Change-Id: If3000457cb0c4fcd07082057ee801d30ff4a10e9
Signed-off-by: Kevin Carter <kecarter@redhat.com>
(cherry picked from commit 30c7de49b0)

tripleo-keystone-resources: fix a typo for domains creation

The variable was wrong for the loop item, this patch fixes it.

Change-Id: I095a60421ec1ecb60fdbf14cf7788a82492ed651
(cherry picked from commit 71d0997328)

tripleo-keystone-resources: handle multiple roles per user

os_user_role module can only assign one role to a user.
If a user needs multiple roles, we need a filter to build a dict where
each key is a user with a list of the assigned roles.

Change-Id: I3aff5f25b90affceacdf95d0f2725ed740761b70
(cherry picked from commit 478daa5471)

Data structure changes for tripleo-keystone-resources role

While reviewing the first implementation it appears that we can extend
the data structure to make it so we wouldn't need extra Ansible tasks to
handle other Keystone resources needed by some services like barbican,
ceilometer or heat.

This change does the following:

- remove "container" related variable name from "haskey" filter, as we
  will recycle it from the tripleo-keystone-resources role.
- keystone endpoints will be found under "endpoints" and not "urls".
- keystone endpoints data will be built from the keystone_resources
  dictionary only if endpoints are specified in the dict items.
  The loop-endpoints will loop over a list of keystone resources which
  contain "endpoints" key. However, it needs access to some other keys
  during the endpoint creation so we re-used that filter.
- Same for Keystone Services, with "service" attribute.
- Re-use "get_key_from_dict" filter to get all Keystone users to create.
  This can be done because the function will return only the key and its
  value when present, create a list and then we pass it to the users
  playbook.
  We do the same for the user roles assignment, but we also apply the
  "get_role_assignments" filter, to build the proper data structure so
  role assignement is done correctly.
- Allow to create extra roles and domains.
- Allow to override the default domain when creating a user.
- Modify "get_role_assignments" filter so if a domain is specified, the
  user is assigned to the role in a domain and not in a project.
  If on domain is specified, we assign it into a project, and the
  default is set by tripleo_keystone_resources_service_project where the
  default is "service" by legacy.
  The data structure of the returned value changed, to work with this
  complex situation (in Keystone v3, domain & project are mutually
  exclusive when doing role assignment).
- Add tripleo_keystone_resources_batch variable and set to 10 by
  default, so we'll manage 10 resources at the same time in async to
  speed things up.
- Create get_domain_id() filter to go over all domains and get a domain
  id from a domain name. Unfortunately, the module that list all domains
  changed in Ansible 2.9.1 so we have 2 kind of playbooks to support old
  and new style to gather all domains infos.

The new structure looks like the following:

      keystone_resources:
        nova:
          service: compute
          region: RegionOne
          endpoints:
            public: https://public-nova:8774
            admin: https://admin-nova:8774
            internal: https://internal-nova:8774
          users:
            nova:
              password: secretenova
              roles:
                - admin
                - service
              domain: nova_extra_domain
          roles:
            - nova_extra_role
          domains:
            - nova_extra_domain

Change-Id: Ia68f8852662fb4abbd194954a246afb740bf3f71
(cherry picked from commit 44204ec6b2)
This commit is contained in:
Emilien Macchi 2019-11-27 10:41:54 -05:00
parent ad0818ec56
commit edbaa07ea4
26 changed files with 1186 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/source/roles/role-tripleo-keystone-resources.rst Normal file
View File

@ -0,0 +1,6 @@
=================================
Role - tripleo-keystone-resources
=================================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo-keystone-resources

107
tripleo_ansible/ansible_plugins/filter/helpers.py
View File

@ -37,7 +37,10 @@ class FilterModule(object):
'needs_delete': self.needs_delete,
'haskey': self.haskey,
'list_of_keys': self.list_of_keys,
'container_exec_cmd': self.container_exec_cmd
'container_exec_cmd': self.container_exec_cmd,
'get_key_from_dict': self.get_key_from_dict,
'get_role_assignments': self.get_role_assignments,
'get_domain_id': self.get_domain_id
}
def subsort(self, dict_to_sort, attribute, null_value=0):
@ -157,11 +160,10 @@ class FilterModule(object):
return to_delete
def haskey(self, batched_container_data, attribute, value=None,
reverse=False, any=False):
"""Return container data with a specific config key.
def haskey(self, data, attribute, value=None, reverse=False, any=False):
"""Return dict data with a specific key.
This filter will take a list of dictionaries (batched_container_data)
This filter will take a list of dictionaries (data)
and will return the dictionnaries which have a certain key given
in parameter with 'attribute'.
If reverse is set to True, the returned list won't contain dictionaries
@ -170,11 +172,11 @@ class FilterModule(object):
the list of values for "value" parameter which has to be a list.
"""
return_list = []
for container in batched_container_data:
for k, v in json.loads(json.dumps(container)).items():
for i in data:
for k, v in json.loads(json.dumps(i)).items():
if attribute in v and not reverse:
if value is None:
return_list.append({k: v})
return_list.append(i)
else:
if isinstance(value, list) and any:
if v[attribute] in value:
@ -201,6 +203,39 @@ class FilterModule(object):
list_of_keys.append(k)
return list_of_keys
def get_key_from_dict(self, data, key, strict=False, default=None):
"""Return a list of unique values from a specific key from a dict.
This filter takes in input a list of dictionaries and for each of them
it will add the value of a specific key into returned_list and
returns it sorted. If the key has to be part of the dict, set strict to
True. A default can be set if the key doesn't exist but strict has to
be set to False.
"""
returned_list = []
for i in data.items():
value = i[1].get(key)
if value is None and not strict and default is not None:
value = default
if value is None:
if strict:
raise TypeError('Missing %s key in '
'%s' % (key, i[0]))
else:
continue
if isinstance(value, list):
for v in value:
if v not in returned_list:
returned_list.append(v)
elif isinstance(value, dict):
for k, v in value.items():
if v not in returned_list:
returned_list.append({k: v})
else:
if value not in returned_list:
returned_list.append(value)
return returned_list
def list_or_dict_arg(self, data, cmd, key, arg):
"""Utility to build a command and its argument with list or dict data.
@ -235,3 +270,59 @@ class FilterModule(object):
self.list_or_dict_arg(data, cmd, 'environment', '--env')
cmd.extend(data['command'])
return cmd
def get_role_assignments(self, data, default_role='admin',
default_project='service'):
"""Return a dict of all roles and their users.
This filter takes in input the keystone resources data and
returns a dict where each key is a role and its users assigned.
If 'domain' or 'project' are specified, they are added to the user
entry; so the user will be assign to the domain or the project.
If no domain and no project are specified, default_project will be
used.
Note that domain and project are mutually exclusive in Keystone v3.
"""
returned_dict = {}
for d in data:
for k, v in d.items():
roles = v.get('roles', default_role)
domain = v.get('domain')
project = v.get('project')
if domain is not None and project is not None:
raise TypeError('domain and project need to be mutually '
'exclusive for user: %s' % k)
if isinstance(roles, list):
for r in roles:
if r not in returned_dict:
returned_dict[r] = []
if domain is not None:
returned_dict[r].append({k: {'domain': domain}})
elif project is not None:
returned_dict[r].append({k: {'project': project}})
else:
returned_dict[r].append({k: {'project':
default_project}})
else:
if roles not in returned_dict:
returned_dict[roles] = []
if domain is not None:
returned_dict[roles].append({k: {'domain': domain}})
elif project is not None:
returned_dict[roles].append({k: {'project': project}})
else:
returned_dict[roles].append({k: {'project':
default_project}})
return returned_dict
def get_domain_id(self, domain_name, all_domains):
"""Return the ID of a domain by its name.
This filter taks in input a domain name and a dictionary with all
domain informations.
"""
for d in all_domains:
if d.get('name') == domain_name:
return d.get('id')

29
tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml Normal file
View File

@ -0,0 +1,29 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_keystone_resources"
tripleo_keystone_resources_cloud_name: openstack
tripleo_keystone_resources_cloud_config: {}
tripleo_keystone_resources_clouds_file_path: /etc/openstack/clouds.yaml
tripleo_keystone_resources_clouds_file_owner: root
tripleo_keystone_resources_clouds_file_group: root
tripleo_keystone_resources_clouds_file_mode: '0644'
tripleo_keystone_resources_catalog_config: {}
tripleo_keystone_resources_member_role_enabled: false
tripleo_keystone_resources_batch: 10

44
tripleo_ansible/roles/tripleo-keystone-resources/meta/main.yml Normal file
View File

@ -0,0 +1,44 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-keystone-resources
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Fedora
versions:
- 28
- name: CentOS
versions:
- 7
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []

37
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile Normal file
View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

15
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile.keystone Normal file
View File

@ -0,0 +1,15 @@
FROM centos:7
LABEL maintainer="dev@cloudesire.com"
ENV OS_RELEASE=train
RUN yum clean all \
&& yum -y update \
&& yum -y install centos-release-openstack-${OS_RELEASE} \
&& yum -y install openstack-keystone openstack-utils python-openstackclient \
&& yum clean all
COPY start_keystone.sh /
EXPOSE 5000 35357
CMD ["/start_keystone.sh"]

40
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/molecule.yml Normal file
View File

@ -0,0 +1,40 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
dockerfile: Dockerfile
network_mode: host
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
lint:
enabled: false
verifier:
name: testinfra
lint:
name: flake8

51
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/playbook.yml Normal file
View File

@ -0,0 +1,51 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Create openstack directory
file:
path: /etc/openstack
state: directory
- name: Configure /etc/openstack/clouds.yaml
include_role:
name: tripleo-keystone-resources
tasks_from: clouds
vars:
tripleo_keystone_resources_cloud_name: openstack
tripleo_keystone_resources_cloud_config:
auth:
auth_url: http://localhost:5000/
project_name: "admin"
username: "admin"
password: "ADMIN_PASS"
project_domain_id: default
user_domain_id: default
identity_api_version: 3
region_name: RegionOne
- name: Create keystone admin resources
include_role:
name: tripleo-keystone-resources
tasks_from: admin
vars:
tripleo_keystone_resources_cloud_name: openstack
tripleo_keystone_resources_region: RegionOne
tripleo_keystone_resources_admin_password: "ADMIN_PASS"
tripleo_keystone_resources_admin_endpoint: "http://localhost:35357"
tripleo_keystone_resources_internal_endpoint: "http://localhost:5000"
tripleo_keystone_resources_public_endpoint: "http://localhost:5000"

43
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/prepare.yml Normal file
View File

@ -0,0 +1,43 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- hosts: localhost
connection: local
tasks:
- name: Build keystone container
shell: docker build -t keystone-img -f Dockerfile.keystone .
- name: Run keystone container
shell: docker run -d -p 5000:5000 --name keystone-docker keystone-img
- name: Prepare
hosts: all
tasks:
- include_role:
name: test_deps
vars:
test_deps_setup_tripleo: true
- name: Instal pre packages
package:
name:
- python-setuptools
- python-openstacksdk
- python-openstackclient
- python-keystoneclient
- ansible

93
tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/start_keystone.sh Executable file
View File

@ -0,0 +1,93 @@
#!/bin/bash
set -x
### Openstack Keystone
: ${OS_RELEASE:=queens}
: ${IPADDR:=127.0.0.1}
# Identity service configuration
: ${OS_IDENTITY_URL_IPADDR:=$IPADDR}
: ${OS_IDENTITY_API_VERSION:=3}
: ${OS_IDENTITY_SERVICE_REGION:=RegionOne}
: ${OS_IDENTITY_SERVICE_NAME:=keystone}
: ${OS_IDENTITY_ADMIN_DOMAIN:=default}
: ${OS_IDENTITY_ADMIN_PROJECT:=admin}
: ${OS_IDENTITY_ADMIN_USERNAME:=admin}
: ${OS_IDENTITY_ADMIN_PASSWD:=ADMIN_PASS}
: ${OS_IDENTITY_ADMIN_ROLE:=admin}
: ${OS_IDENTITY_URL_ADMIN:=http://${IPADDR}:35357}
: ${OS_IDENTITY_URL_INTERNAL:=http://${IPADDR}:5000}
: ${OS_IDENTITY_URL_PUBLIC:=http://${IPADDR}:5000}
# Object store configuration
: ${OS_OBJECTSTORE_URL_IPADDR:=$IPADDR}
: ${OS_OBJECTSTORE_SERVICE_REGION:=RegionOne}
: ${OS_OBJECTSTORE_SERVICE_NAME:=openio-swift}
: ${OS_OBJECTSTORE_SERVICE_DESC:=OpenIO Swift Object Storage Service}
: ${OS_OBJECTSTORE_DOMAIN:=default}
: ${OS_OBJECTSTORE_PROJECT:=service}
: ${OS_OBJECTSTORE_USERNAME:=swift}
: ${OS_OBJECTSTORE_PASSWD:=SWIFT_PASS}
: ${OS_OBJECTSTORE_ROLE:=admin}
: ${OS_OBJECTSTORE_URL_ADMIN:=http://${IPADDR}:6007/v1}
: ${OS_OBJECTSTORE_URL_INTERNAL:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s}
: ${OS_OBJECTSTORE_URL_PUBLIC:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s}
# Demo user setup
: ${OS_USER_DEMO_DOMAIN:=default}
: ${OS_USER_DEMO_PROJECT:=demo}
: ${OS_USER_DEMO_USERNAME:=demo}
: ${OS_USER_DEMO_PASSWD:=DEMO_PASS}
: ${OS_USER_DEMO_ROLE:=admin}
echo '> Configuring Keystone ...'
# Set log to stderr for Docker
openstack-config --set /etc/keystone/keystone.conf DEFAULT use_stderr True
# Use a local sqlite database for demo purposes
openstack-config --set /etc/keystone/keystone.conf database connection 'sqlite:////var/lib/keystone/keystone.db'
keystone-manage credential_setup \
--keystone-user keystone \
--keystone-group keystone
keystone-manage fernet_setup \
--keystone-user keystone \
--keystone-group keystone
keystone-manage db_sync
keystone-manage bootstrap \
--bootstrap-project-name "$OS_IDENTITY_ADMIN_PROJECT" \
--bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \
--bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \
--bootstrap-password "$OS_IDENTITY_ADMIN_PASSWD" \
--bootstrap-role-name "$OS_IDENTITY_ADMIN_ROLE" \
--bootstrap-service-name "$OS_IDENTITY_SERVICE_NAME" \
--bootstrap-region-id "$OS_IDENTITY_SERVICE_REGION" \
--bootstrap-admin-url "$OS_IDENTITY_URL_ADMIN" \
--bootstrap-public-url "$OS_IDENTITY_URL_PUBLIC" \
--bootstrap-internal-url "$OS_IDENTITY_URL_INTERNAL"
# Using uwsgi for demo purposes
echo '> Starting Keystone admin service ...'
/usr/bin/keystone-wsgi-admin --port 35357 &
# Admin credentials
cat <<EOF >/keystone_adminrc
export OS_IDENTITY_API_VERSION="$OS_IDENTITY_API_VERSION"
#export OS_AUTH_URL="$OS_IDENTITY_URL_PUBLIC"
export OS_AUTH_URL="$OS_IDENTITY_URL_ADMIN"
export OS_USER_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN"
export OS_PROJECT_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN"
export OS_PROJECT_NAME="$OS_IDENTITY_ADMIN_PROJECT"
export OS_USERNAME="$OS_IDENTITY_ADMIN_USERNAME"
export OS_PASSWORD="$OS_IDENTITY_ADMIN_PASSWD"
EOF
source /keystone_adminrc
# Keystone policy
cat <<EOF >/etc/keystone/policy.json
{
"admin_or_owner": "role:admin or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"admin_api": "role:admin"
}
EOF
echo '> Starting Keystone public service ...'
/usr/bin/keystone-wsgi-public --port 5000

93
tripleo_ansible/roles/tripleo-keystone-resources/tasks/admin.yml Normal file
View File

@ -0,0 +1,93 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Create default domain
os_keystone_domain:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: default
- name: Create admin and service projects
include_tasks: projects.yml
vars:
batched_tripleo_keystone_resources_projects:
- admin
- service
- name: Create admin role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: admin
- name: Create _member_ role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: _member_
when:
- keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)
- name: Create admin user
os_user:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: admin
password: "{{ tripleo_keystone_resources_admin_password }}"
email: "admin@localhost"
domain: default
- name: Assign admin role to admin project for admin user
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: admin
project: admin
role: admin
- name: Assign _member_ role to admin project for admin user
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: admin
project: admin
role: '_member_'
when:
- keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)
- name: Create identity service
os_keystone_service:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: keystone
service_type: identity
- name: Create identity public endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_public_endpoint }}"
endpoint_interface: public
region: "{{ tripleo_keystone_resources_region }}"
- name: Create identity internal endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_internal_endpoint }}"
endpoint_interface: internal
region: "{{ tripleo_keystone_resources_region }}"
- name: Create identity admin endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_admin_endpoint }}"
endpoint_interface: admin
region: "{{ tripleo_keystone_resources_region }}"

53
tripleo_ansible/roles/tripleo-keystone-resources/tasks/clouds.yml Normal file
View File

@ -0,0 +1,53 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
- name: "Check if {{ tripleo_keystone_resources_clouds_file_path }} exists"
become: true
stat:
path: "{{ tripleo_keystone_resources_clouds_file_path }}"
register: attr_clouds
# This task is required or config_template will fail if the src file didn't exist
- name: "Create empty {{ tripleo_keystone_resources_clouds_file_path }} if it does not exist"
become: true
copy:
content: |-
---
clouds: {}
dest: "{{ tripleo_keystone_resources_clouds_file_path }}"
when:
- not attr_clouds.stat.exists
- name: "Configure {{ tripleo_keystone_resources_clouds_file_path }}"
include_role:
name: tripleo-config
vars:
tripleo_config_dest: "{{ tripleo_keystone_resources_clouds_file_path }}"
tripleo_config_group: "{{ tripleo_keystone_resources_clouds_file_group }}"
tripleo_config_mode: "{{ tripleo_keystone_resources_clouds_file_mode }}"
tripleo_config_overrides: |-
{% set cloud_config = {'clouds': {}} %}
{% set _ = cloud_config['clouds'].__setitem__(
tripleo_keystone_resources_cloud_name,
tripleo_keystone_resources_cloud_config
)
%}
{{ cloud_config }}
tripleo_config_owner: "{{ tripleo_keystone_resources_clouds_file_owner }}"
tripleo_config_remote_src: true
tripleo_config_src: "{{ tripleo_keystone_resources_clouds_file_path }}"
tripleo_config_type: yaml

37
tripleo_ansible/roles/tripleo-keystone-resources/tasks/domains.yml Normal file
View File

@ -0,0 +1,37 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Async creation of Keystone domains
os_keystone_domain:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_domain }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_domain_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_domain
- name: Check Keystone domain status
async_status:
jid: "{{ tripleo_keystone_resources_domain_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_domain_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_domain_async_result_item"
register: tripleo_keystone_resources_domain_async_poll_results
until: tripleo_keystone_resources_domain_async_poll_results.finished
retries: 30

40
tripleo_ansible/roles/tripleo-keystone-resources/tasks/endpoints.yml Normal file
View File

@ -0,0 +1,40 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: "Async creation of Keystone {{ keystone_endpoint_type }} endpoint"
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: "{{ tripleo_keystone_resources_data.key }}"
url: "{{ tripleo_keystone_resources_data['value']['endpoints'][keystone_endpoint_type] }}"
endpoint_interface: "{{ keystone_endpoint_type }}"
region: "{{ tripleo_keystone_resources_data.value.region }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_endpoint_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_data
- name: "Check Keystone {{ keystone_endpoint_type }} endpoint status"
async_status:
jid: "{{ tripleo_keystone_resources_endpoint_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_endpoint_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_endpoint_async_result_item"
register: tripleo_keystone_resources_endpoint_async_poll_results
until: tripleo_keystone_resources_endpoint_async_poll_results.finished
retries: 30

20
tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_new.yml Normal file
View File

@ -0,0 +1,20 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Collect OpenStack Keystone domains infos
os_keystone_domain_info:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
register: openstack_domains

24
tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_old.yml Normal file
View File

@ -0,0 +1,24 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
- name: Collect OpenStack Keystone domains facts
os_keystone_domain_facts:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
register: tripleo_domains_facts
- name: Create openstack_domains fact
set_fact:
openstack_domains: "{{ tripleo_domains_facts['ansible_facts']['openstack_domains'] }}"

21
tripleo_ansible/roles/tripleo-keystone-resources/tasks/loop-endpoints.yml Normal file
View File

@ -0,0 +1,21 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: "Create Keystone {{ keystone_endpoint_type }} endpoints"
include_tasks: endpoints.yml
loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='endpoints') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data

101
tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml Normal file
View File

@ -0,0 +1,101 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# "tripleo-keystone-resources" will search for and load any operating system variable file
# found within the "vars/" path. If no OS files are found the task will skip.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- skip: true
files:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Create Keystone Admin resources
include_tasks: admin.yml
- name: Create Keystone Projects
include_tasks: projects.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='project', default='service') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_projects
- name: Create Keystone Domains
include_tasks: domains.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='domains') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data
# We need to gather domains so later we can convert a domain name into a domain ID.
# This is needed because os_user_role doesn't do the conversion yet in the version
# of Ansible that we use. This block will disappear once we use the new modules
# from OpenStack collections.
# In recents version of Ansible, this module was renamed to os_keystone_domain_info.
# Which is why we don't use the same module to gather domains infos.
- name: Gather all OpenStack domains for Ansible < 2.9.2
include_tasks: gather_domains_old.yml
# See https://github.com/ansible/ansible/commit/c91929b2b302b37af22d785641a7fe704003662a
when:
- ansible_version.full is version_compare('2.9.2', '<')
- name: Gather all OpenStack domains for Ansible >= 2.9.2
include_tasks: gather_domains_new.yml
# See https://github.com/ansible/ansible/commit/c91929b2b302b37af22d785641a7fe704003662a
when:
- ansible_version.full is version_compare('2.9.2', '>=')
- name: Create Keystone Services
include_tasks: services.yml
loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='service') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data
- name: Create Keystone Endpoints
include_tasks: loop-endpoints.yml
loop:
- public
- admin
- internal
loop_control:
loop_var: keystone_endpoint_type
- name: Create Keystone Roles
include_tasks: roles.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='roles', default='service') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_roles
- name: "Create Keystone Users"
include_tasks: users.yml
loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: batched_tripleo_keystone_resources_data
- name: "Assign Keystone Users to Roles"
include_tasks: user_roles.yml
loop: >-
{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') |
get_role_assignments(default_project=tripleo_keystone_resources_service_project) | dict2items }}
loop_control:
loop_var: batched_tripleo_keystone_resources_roles_data

38
tripleo_ansible/roles/tripleo-keystone-resources/tasks/projects.yml Normal file
View File

@ -0,0 +1,38 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Async creation of Keystone project
os_project:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_project }}"
domain_id: default
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_project_results
loop: "{{ batched_tripleo_keystone_resources_projects }}"
loop_control:
loop_var: tripleo_keystone_resources_project
- name: Check Keystone project status
async_status:
jid: "{{ tripleo_keystone_resources_project_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_project_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_project_async_result_item"
register: tripleo_keystone_resources_project_async_poll_results
until: tripleo_keystone_resources_project_async_poll_results.finished
retries: 30

37
tripleo_ansible/roles/tripleo-keystone-resources/tasks/roles.yml Normal file
View File

@ -0,0 +1,37 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Async creation of Keystone role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_role }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_role_results
loop: "{{ batched_tripleo_keystone_resources_roles }}"
loop_control:
loop_var: tripleo_keystone_resources_role
- name: Check Keystone role status
async_status:
jid: "{{ tripleo_keystone_resources_role_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_role_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_role_async_result_item"
register: tripleo_keystone_resources_role_async_poll_results
until: tripleo_keystone_resources_role_async_poll_results.finished
retries: 30

39
tripleo_ansible/roles/tripleo-keystone-resources/tasks/services.yml Normal file
View File

@ -0,0 +1,39 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Async creation of Keystone service
os_keystone_service:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ tripleo_keystone_resources_data.key }}"
service_type: "{{ tripleo_keystone_resources_data.value.service }}"
description: "OpenStack {{ tripleo_keystone_resources_data.value.service | title() }} Service"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_service_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_data
- name: Check Keystone service status
async_status:
jid: "{{ tripleo_keystone_resources_service_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_service_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_service_async_result_item"
register: tripleo_keystone_resources_service_async_poll_results
until: tripleo_keystone_resources_service_async_poll_results.finished
retries: 30

43
tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_per_role.yml Normal file
View File

@ -0,0 +1,43 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: "Async assignment of Keystone user to roles"
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: "{{ lookup('dict', tripleo_keystone_resources_data_user).key }}"
project: "{{ lookup('dict', tripleo_keystone_resources_data_user).value.project | default(omit) }}"
# TODO(emilien) remove the custom filter once the module moved to OpenStack collections and we can make changes
domain: >-
{{ lookup('dict', tripleo_keystone_resources_data_user).value.domain | default(omit) |
get_domain_id(all_domains=openstack_domains) | default(omit) }}
role: "{{ batched_tripleo_keystone_resources_roles_data.key }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_user_role_results
loop: "{{ tripleo_keystone_resources_data_users }}"
loop_control:
loop_var: tripleo_keystone_resources_data_user
- name: "Check Keystone user assignment to roles status"
async_status:
jid: "{{ tripleo_keystone_resources_user_role_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_user_role_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_user_role_async_result_item"
register: tripleo_keystone_resources_user_role_async_poll_results
until: tripleo_keystone_resources_user_role_async_poll_results.finished
retries: 30

22
tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_roles.yml Normal file
View File

@ -0,0 +1,22 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: "Async assignment of Keystone user per role"
include_tasks: user_per_role.yml
# This loop is required as a user can have multiple roles but the os_user_role doesn't handle it.
loop: "{{ batched_tripleo_keystone_resources_roles_data.value | batch(tripleo_keystone_resources_batch) | list }}"
loop_control:
loop_var: tripleo_keystone_resources_data_users

40
tripleo_ansible/roles/tripleo-keystone-resources/tasks/users.yml Normal file
View File

@ -0,0 +1,40 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: "Async creation of Keystone user"
os_user:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: "{{ lookup('dict', tripleo_keystone_resources_data).key }}"
password: "{{ lookup('dict', tripleo_keystone_resources_data).value.password }}"
email: "{{ lookup('dict', tripleo_keystone_resources_data).key }}@localhost"
domain: "{{ lookup('dict', tripleo_keystone_resources_data).value.domain | default('default') }}"
state: present
async: 60
poll: 0
register: tripleo_keystone_resources_user_results
loop: "{{ batched_tripleo_keystone_resources_data }}"
loop_control:
loop_var: tripleo_keystone_resources_data
- name: "Check Keystone user status"
async_status:
jid: "{{ tripleo_keystone_resources_user_async_result_item.ansible_job_id }}"
loop: "{{ tripleo_keystone_resources_user_results.results }}"
loop_control:
loop_var: "tripleo_keystone_resources_user_async_result_item"
register: tripleo_keystone_resources_user_async_poll_results
until: tripleo_keystone_resources_user_async_poll_results.finished
retries: 30

115
tripleo_ansible/tests/plugins/filter/test_helpers.py
View File

@ -196,7 +196,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart', value='always')
self.assertEqual(result, expected_list)
@ -224,7 +224,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart',
value='always',
reverse=True)
@ -255,7 +255,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart',
any=True)
self.assertEqual(result, expected_list)
@ -284,7 +284,7 @@ class TestHelperFilters(tests_base.TestCase):
},
}
]
result = self.filters.haskey(batched_container_data=data,
result = self.filters.haskey(data=data,
attribute='restart',
reverse=True,
any=True)
@ -397,6 +397,68 @@ class TestHelperFilters(tests_base.TestCase):
config_id='tripleo_step1')
self.assertEqual(result, expected_list)
def test_get_key_from_dict(self):
data = {
'nova_api': {
'project': 'service1'
},
'glance_api': {
'project': 'service1'
},
'heat_api': {
'user': 'heat'
},
'cinder_api': {
'project': 'service2'
}
}
expected_list = ['service1', 'service3', 'service2']
result = self.filters.get_key_from_dict(data, key='project',
default='service3')
self.assertEqual(result, expected_list)
def test_get_key_from_dict_with_list_input(self):
data = {
'nova_api': {
'roles': ['service', 'admin']
},
'glance_api': {
'roles': 'service1'
},
'heat_api': {
'user': 'heat'
},
'cinder_api': {
'project': 'service2',
'roles': ['service', 'service4']
}
}
expected_list = ['service', 'admin', 'service1', 'service4']
result = self.filters.get_key_from_dict(data, key='roles',
default='service')
self.assertEqual(result, expected_list)
def test_get_key_from_dict_with_dict_input(self):
data = {
'nova_api': {
'users': {'nova': {'password': 'secret',
'roles': ['foo', 'bar']}},
},
'glance_api': {
'roles': 'service1'
},
'heat_api': {
'user': 'heat'
},
'cinder_api': {
'project': 'service2'
}
}
expected_list = [{'nova': {'password': 'secret', 'roles':
['foo', 'bar']}}]
result = self.filters.get_key_from_dict(data, key='users')
self.assertEqual(result, expected_list)
def test_container_exec_cmd(self):
data = {
"action": "exec",
@ -421,3 +483,48 @@ class TestHelperFilters(tests_base.TestCase):
'keystone', 'keystone-manage', 'bootstrap']
result = self.filters.container_exec_cmd(data=data)
self.assertEqual(result, expected_cmd)
def test_get_role_assignments(self):
data = [{
'nova': {
'roles': ['service', 'admin'],
},
'glance': {
'roles': 'service1',
'user': 'glance'
},
'cinder': {
'project': 'service2'
},
'heat': {
'domain': 'heat_domain'
}
}]
expected_hash = {
'admin': [{'nova': {'project': 'service'}},
{'cinder': {'project': 'service2'}},
{'heat': {'domain': 'heat_domain'}}
],
'service': [{'nova': {'project': 'service'}}],
'service1': [{'glance': {'project': 'service'}}]
}
result = self.filters.get_role_assignments(data)
self.assertEqual(result, expected_hash)
def test_get_domain_id(self):
openstack_domains = [
{
"description": "The default domain",
"enabled": "true",
"id": "default",
"name": "Default"
},
{
"description": "The heat stack domain",
"enabled": "true",
"id": "fd85b560d4554fd8bf363728e4a3863e",
"name": "heat_stack"
}
]
result = self.filters.get_domain_id('heat_stack', openstack_domains)
self.assertEqual(result, 'fd85b560d4554fd8bf363728e4a3863e')

10
zuul.d/molecule.yaml
View File

@ -40,6 +40,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-hosts-entries
- tripleo-ansible-centos-7-molecule-tripleo-container-manage
- tripleo-ansible-centos-7-molecule-tripleo-modules
- tripleo-ansible-centos-7-molecule-tripleo-keystone-resources
gate:
jobs:
- tripleo-ansible-centos-7-molecule-aide
@ -80,6 +81,7 @@
- tripleo-ansible-centos-7-molecule-tripleo-hosts-entries
- tripleo-ansible-centos-7-molecule-tripleo-container-manage
- tripleo-ansible-centos-7-molecule-tripleo-modules
- tripleo-ansible-centos-7-molecule-tripleo-keystone-resources
name: tripleo-ansible-molecule-jobs
- job:
files:
@ -357,3 +359,11 @@
- ^molecule-requirements.txt
name: tripleo-ansible-centos-7-molecule-tripleo-modules
parent: tripleo-ansible-centos-7-base
- job:
files:
- ^tripleo_ansible/roles/tripleo-keystone-resources/.*
name: tripleo-ansible-centos-7-molecule-tripleo-keystone-resources
parent: tripleo-ansible-centos-7-base
vars:
tripleo_role_name: tripleo-keystone-resources