Update keystone::auth to match latest pattern.
Most of our modules allow deployers to specify public_url, internal_url and admin_url. Tuskar is still doing it the old way by making a deployer to specify public_port, public_address and public_protocol. This commit aims to bring tuskar keystone::auth class up to date with the other modules Sources : * nova: https://raw.githubusercontent.com/openstack/puppet-nova/master/manifests/keystone/auth.pp * cinder: https://raw.githubusercontent.com/openstack/puppet-cinder/master/manifests/keystone/auth.pp Change-Id: I6137858838708ced8089072b280ce419d5bb98f5
This commit is contained in:
parent
52120a9c64
commit
65c86d981a
@ -36,6 +36,18 @@
|
||||
# [*configure_endpoint*]
|
||||
# Should Tuskar endpoint be configured? Defaults to 'true'.
|
||||
#
|
||||
# [*configure_user*]
|
||||
# (Optional) Should the service user be configured?
|
||||
# Defaults to 'true'.
|
||||
#
|
||||
# [*configure_user_role*]
|
||||
# (Optional) Should the admin role be configured for the service user?
|
||||
# Defaults to 'true'.
|
||||
#
|
||||
# [*service_name*]
|
||||
# (Optional) Name of the service.
|
||||
# Defaults to the value of auth_name, but must differ from the value.
|
||||
#
|
||||
# [*service_type*]
|
||||
# Type of service. Defaults to 'management'.
|
||||
#
|
||||
@ -43,32 +55,51 @@
|
||||
# Description for keystone service. Optional. Defaults to 'Tuskar Management Service'.
|
||||
#
|
||||
# [*public_protocol*]
|
||||
# (optional) DEPRECATED: Use public_url instead.
|
||||
# Protocol for public endpoint. Defaults to 'http'.
|
||||
#
|
||||
# [*public_address*]
|
||||
# (optional) DEPRECATED: Use public_url instead.
|
||||
# Public address for endpoint. Defaults to '127.0.0.1'.
|
||||
#
|
||||
# [*admin_protocol*]
|
||||
# (optional) DEPRECATED: Use admin_url instead.
|
||||
# Protocol for admin endpoint. Defaults to 'http'.
|
||||
#
|
||||
# [*admin_address*]
|
||||
# (optional) DEPRECATED: Use admin_url instead.
|
||||
# Admin address for endpoint. Defaults to '127.0.0.1'.
|
||||
#
|
||||
# [*internal_protocol*]
|
||||
# (optional) DEPRECATED: Use internal_url instead.
|
||||
# Protocol for internal endpoint. Defaults to 'http'.
|
||||
#
|
||||
# [*internal_address*]
|
||||
# (optional) DEPRECATED: Use internal_url instead.
|
||||
# Internal address for endpoint. Defaults to '127.0.0.1'.
|
||||
#
|
||||
# [*port*]
|
||||
# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead.
|
||||
# Port for endpoint. Defaults to '8585'.
|
||||
#
|
||||
# [*public_port*]
|
||||
# (optional) DEPRECATED: Use public_url instead.
|
||||
# Port for public endpoint. Defaults to $port.
|
||||
#
|
||||
# [*region*]
|
||||
# Region for endpoint. Defaults to 'RegionOne'.
|
||||
#
|
||||
# [*public_url*]
|
||||
# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8585')
|
||||
# This url should *not* contain any trailing '/'.
|
||||
#
|
||||
# [*admin_url*]
|
||||
# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8585')
|
||||
# This url should *not* contain any trailing '/'.
|
||||
#
|
||||
# [*internal_url*]
|
||||
# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8585')
|
||||
# This url should *not* contain any trailing '/'.
|
||||
#
|
||||
class tuskar::keystone::auth (
|
||||
$password,
|
||||
@ -76,41 +107,107 @@ class tuskar::keystone::auth (
|
||||
$email = 'tuskar@localhost',
|
||||
$tenant = 'services',
|
||||
$configure_endpoint = true,
|
||||
$configure_user = true,
|
||||
$configure_user_role = true,
|
||||
$service_name = undef,
|
||||
$service_type = 'management',
|
||||
$service_description = 'Tuskar Management Service',
|
||||
$public_protocol = 'http',
|
||||
$public_address = '127.0.0.1',
|
||||
$admin_protocol = 'http',
|
||||
$admin_address = '127.0.0.1',
|
||||
$internal_protocol = 'http',
|
||||
$internal_address = '127.0.0.1',
|
||||
$port = '8585',
|
||||
$region = 'RegionOne',
|
||||
$public_url = 'http://127.0.0.1:8585',
|
||||
$admin_url = 'http://127.0.0.1:8585',
|
||||
$internal_url = 'http://127.0.0.1:8585',
|
||||
# DEPRECATED
|
||||
$port = undef,
|
||||
$public_protocol = undef,
|
||||
$public_address = undef,
|
||||
$admin_protocol = undef,
|
||||
$admin_address = undef,
|
||||
$internal_protocol = undef,
|
||||
$internal_address = undef,
|
||||
$public_port = undef,
|
||||
$region = 'RegionOne'
|
||||
) {
|
||||
|
||||
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'tuskar-api' |>
|
||||
Keystone_endpoint["${region}/${auth_name}"] ~> Service <| name == 'tuskar-api' |>
|
||||
|
||||
if ! $public_port {
|
||||
$real_public_port = $port
|
||||
} else {
|
||||
$real_public_port = $public_port
|
||||
if $port {
|
||||
warning('The port parameter is deprecated, use public_url, internal_url and admin_url instead.')
|
||||
}
|
||||
|
||||
if $public_port {
|
||||
warning('The public_port parameter is deprecated, use public_url instead.')
|
||||
}
|
||||
|
||||
if $public_protocol {
|
||||
warning('The public_protocol parameter is deprecated, use public_url instead.')
|
||||
}
|
||||
|
||||
if $public_address {
|
||||
warning('The public_address parameter is deprecated, use public_url instead.')
|
||||
}
|
||||
|
||||
if $internal_protocol {
|
||||
warning('The internal_protocol parameter is deprecated, use internal_url instead.')
|
||||
}
|
||||
|
||||
if $internal_address {
|
||||
warning('The internal_address parameter is deprecated, use internal_url instead.')
|
||||
}
|
||||
|
||||
if $admin_address {
|
||||
warning('The admin_address parameter is deprecated, use admin_url instead.')
|
||||
}
|
||||
|
||||
if $admin_protocol {
|
||||
warning('The admin_protocol parameter is deprecated, use admin_url instead.')
|
||||
}
|
||||
|
||||
if ($public_protocol or $public_address or $port or $public_port) {
|
||||
$public_url_real = sprintf('%s://%s:%s',
|
||||
pick($public_protocol, 'http'),
|
||||
pick($public_address, '127.0.0.1'),
|
||||
pick($public_port, $port, '8585'))
|
||||
} else {
|
||||
$public_url_real = $public_url
|
||||
}
|
||||
|
||||
if ($admin_protocol or $admin_address or $port) {
|
||||
$admin_url_real = sprintf('%s://%s:%s',
|
||||
pick($admin_protocol, 'http'),
|
||||
pick($admin_address, '127.0.0.1'),
|
||||
pick($port, '8585'))
|
||||
} else {
|
||||
$admin_url_real = $admin_url
|
||||
}
|
||||
|
||||
if ($internal_protocol or $internal_address or $port) {
|
||||
$internal_url_real = sprintf('%s://%s:%s',
|
||||
pick($internal_protocol, 'http'),
|
||||
pick($internal_address, '127.0.0.1'),
|
||||
pick($port, '8585'))
|
||||
} else {
|
||||
$internal_url_real = $internal_url
|
||||
}
|
||||
|
||||
$real_service_name = pick($service_name, $auth_name)
|
||||
|
||||
if $configure_user_role {
|
||||
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'tuskar-api' |>
|
||||
}
|
||||
|
||||
Keystone_endpoint["${region}/${auth_name}"] ~> Service <| name == 'tuskar-api' |>
|
||||
|
||||
keystone::resource::service_identity { $auth_name:
|
||||
configure_user => true,
|
||||
configure_user_role => true,
|
||||
configure_user => $configure_user,
|
||||
configure_user_role => $configure_user_role,
|
||||
configure_endpoint => $configure_endpoint,
|
||||
service_name => $real_service_name,
|
||||
service_type => $service_type,
|
||||
service_description => $service_description,
|
||||
region => $region,
|
||||
password => $password,
|
||||
email => $email,
|
||||
tenant => $tenant,
|
||||
public_url => "${public_protocol}://${public_address}:${real_public_port}",
|
||||
internal_url => "${internal_protocol}://${internal_address}:${port}",
|
||||
admin_url => "${admin_protocol}://${admin_address}:${port}",
|
||||
public_url => $public_url_real,
|
||||
internal_url => $internal_url_real,
|
||||
admin_url => $admin_url_real,
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -40,6 +40,22 @@ describe 'tuskar::keystone::auth' do
|
||||
) }
|
||||
end
|
||||
|
||||
describe 'with endpoint parameters' do
|
||||
let :params do
|
||||
{ :password => 'tuskar_password',
|
||||
:public_url => 'https://10.0.0.10:8585',
|
||||
:admin_url => 'https://10.0.0.11:8585',
|
||||
:internal_url => 'https://10.0.0.11:8585' }
|
||||
end
|
||||
|
||||
it { is_expected.to contain_keystone_endpoint('RegionOne/tuskar').with(
|
||||
:ensure => 'present',
|
||||
:public_url => 'https://10.0.0.10:8585',
|
||||
:admin_url => 'https://10.0.0.11:8585',
|
||||
:internal_url => 'https://10.0.0.11:8585'
|
||||
) }
|
||||
end
|
||||
|
||||
describe 'when configuring tuskar-server' do
|
||||
let :pre_condition do
|
||||
"class { 'tuskar::server': auth_password => 'test' }"
|
||||
@ -81,4 +97,20 @@ describe 'tuskar::keystone::auth' do
|
||||
it { is_expected.to contain_keystone_service('tuskary') }
|
||||
it { is_expected.to contain_keystone_endpoint('RegionOne/tuskary') }
|
||||
end
|
||||
|
||||
describe 'when overriding various parameters' do
|
||||
let :params do
|
||||
{ :password => 'foo',
|
||||
:service_name => 'mytuskar',
|
||||
:configure_user => false,
|
||||
:configure_user_role => false }
|
||||
end
|
||||
|
||||
it { is_expected.to contain_keystone__resource__service_identity('tuskar').with(
|
||||
:service_name => 'mytuskar',
|
||||
:configure_user => false,
|
||||
:configure_user_role => false,
|
||||
) }
|
||||
end
|
||||
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user