Merge "Add keystone support"

Berksfile

@@ -6,3 +6,5 @@ cookbook "statsd",
   github: "att-cloud/cookbook-statsd"
 cookbook "openstack-common",
   github: "stackforge/cookbook-openstack-common"
+cookbook "openstack-identity",
+  github: "stackforge/cookbook-openstack-identity"

CHANGELOG.md

@@ -6,6 +6,7 @@ This file is used to list changes made in each version of cookbook-openstack-obj
 * Upgrading to Juno
 * Upgrading berkshelf from 2.0.18 to 3.1.5
 * Bump Chef gem to 11.16
+* Add keystone registration support
 
 ## 9.0.3
 * Bugfix run_command exitstatus

attributes/default.rb

@@ -1,5 +1,29 @@
 # encoding: UTF-8
-# TODO(chrislaco) This file needs the stock chef header/copyright
+#
+# Cookbook Name:: openstack-object-storage
+# Attributes:: default
+#
+# Copyright 2014 IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['openstack']['object-storage']['service_tenant_name'] = 'service'
+default['openstack']['object-storage']['service_user'] = 'swift'
+default['openstack']['object-storage']['service_role'] = 'admin'
+
+default['openstack']['compute']['region'] = node['openstack']['region']
+
 #--------------------
 # node/ring settings
 #--------------------

metadata.rb

@@ -1,13 +1,13 @@
 name              'openstack-object-storage'
-maintainer       'openstack-chef'
-maintainer_email 'opscode-chef-openstack@googlegroups.com'
+maintainer        'openstack-chef'
+maintainer_email  'opscode-chef-openstack@googlegroups.com'
 license           'Apache 2.0'
 description       'Installs and configures Openstack Swift'
 long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version           '10.0.0'
 
 recipe            'openstack-object-storage::account-server', 'Installs the swift account server'
-recipe            'openstack-object-storage::client', 'Install the switch client'
+recipe            'openstack-object-storage::client', 'Install the swift client'
 recipe            'openstack-object-storage::container-server', 'Installs the swift container server'
 recipe            'openstack-object-storage::object-server', 'Installs the swift object server'
 recipe            'openstack-object-storage::proxy-server', 'Installs the swift proxy server'
@@ -19,5 +19,5 @@ end
 
 depends 'memcached', '>= 1.7.2'
 depends 'statsd', '>= 0.1.5'
-depends 'apt', '>= 2.3.8'
 depends 'openstack-common', '~> 10.0'
+depends 'openstack-identity', '~> 10.0'

recipes/identity_registration.rb

@@ -0,0 +1,97 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-object-storage
+# Recipe:: identity_registration
+#
+# Copyright 2013, AT&T Services, Inc.
+# Copyright 2013, Craig Tracey <craigtracey@gmail.com>
+# Copyright 2013, Opscode, Inc.
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'uri'
+
+class ::Chef::Recipe # rubocop:disable Documentation
+  include ::Openstack
+end
+
+identity_admin_endpoint = endpoint 'identity-admin'
+
+token = get_secret 'openstack_identity_bootstrap_token'
+auth_url = ::URI.decode identity_admin_endpoint.to_s
+
+api_endpoint = endpoint 'object-storage-api'
+
+service_pass = get_password 'service', 'openstack-object-storage'
+service_tenant_name = node['openstack']['object-storage']['service_tenant_name']
+service_user = node['openstack']['object-storage']['service_user']
+service_role = node['openstack']['object-storage']['service_role']
+region = node['openstack']['object-storage']['region']
+
+# Register Object Storage Service
+openstack_identity_register 'Register Object Storage Service' do
+  auth_uri auth_url
+  bootstrap_token token
+  service_name 'swift'
+  service_type 'object-store'
+  service_description 'Swift Service'
+
+  action :create_service
+end
+
+# Register Object Storage Endpoint
+openstack_identity_register 'Register Object Storage Endpoint' do
+  auth_uri auth_url
+  bootstrap_token token
+  service_type 'object-store'
+  endpoint_region region
+  endpoint_adminurl api_endpoint.to_s
+  endpoint_internalurl api_endpoint.to_s
+  endpoint_publicurl api_endpoint.to_s
+
+  action :create_endpoint
+end
+
+# Register Service Tenant
+openstack_identity_register 'Register Service Tenant' do
+  auth_uri auth_url
+  bootstrap_token token
+  tenant_name service_tenant_name
+  tenant_description 'Service Tenant'
+
+  action :create_tenant
+end
+
+# Register Service User
+openstack_identity_register "Register #{service_user} User" do
+  auth_uri auth_url
+  bootstrap_token token
+  tenant_name service_tenant_name
+  user_name service_user
+  user_pass service_pass
+
+  action :create_user
+end
+
+## Grant Admin role to Service User for Service Tenant ##
+openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do
+  auth_uri auth_url
+  bootstrap_token token
+  tenant_name service_tenant_name
+  user_name service_user
+  role_name service_role
+
+  action :grant_role
+end

recipes/setup.rb

@@ -44,7 +44,8 @@ platform_options['proxy_packages'].each do |pkg|
   end
 end
 
-if node['openstack']['object-storage']['authmode'] == 'swauth'
+case node['openstack']['object-storage']['authmode']
+when 'swauth'
   case node['openstack']['object-storage']['swauth_source']
   when 'package'
     platform_options['swauth_packages'].each do |pkg|
@@ -69,15 +70,19 @@ if node['openstack']['object-storage']['authmode'] == 'swauth'
       EOH
       environment 'PREFIX' => '/usr/local'
     end
+  else
+    Chef::Log.fatal("Object storage swauth source #{node['openstack']['object-storage']['swauth_source']} is not supported")
   end
+when 'keystone'
+  package 'python-keystoneclient' do
+    action :upgrade
+  end
+  include_recipe 'openstack-object-storage::identity_registration'
+else
+  Chef::Log.fatal("Object storage authmode #{node['openstack']['object-storage']['authmode']} is not supported")
 end
 
 package 'python-swift-informant' do
   action :upgrade
   only_if { node['openstack']['object-storage']['use_informant'] }
 end
-
-package 'python-keystoneclient' do
-  action :upgrade
-  only_if { node['openstack']['object-storage']['authmode'] == 'keystone' }
-end

spec/identity_registration_spec.rb

@@ -0,0 +1,95 @@
+# encoding: UTF-8
+require_relative 'spec_helper'
+
+describe 'openstack-object-storage::identity_registration' do
+  let(:runner) { ChefSpec::Runner.new(UBUNTU_OPTS) }
+  let(:node) { runner.node }
+  let(:chef_run) do
+    runner.converge(described_recipe)
+  end
+
+  include_context 'swift-stubs'
+
+  it 'registers object storage service' do
+    expect(chef_run).to create_service_openstack_identity_register(
+      'Register Object Storage Service'
+    ).with(
+      auth_uri: 'http://127.0.0.1:35357/v2.0',
+      bootstrap_token: 'bootstrap-token',
+      service_type: 'object-store',
+      service_description: 'Swift Service',
+      action: [:create_service]
+    )
+  end
+
+  context 'registers object storage endpoint' do
+    it 'with default values' do
+      expect(chef_run).to create_endpoint_openstack_identity_register(
+         'Register Object Storage Endpoint'
+      ).with(
+        auth_uri: 'http://127.0.0.1:35357/v2.0',
+        bootstrap_token: 'bootstrap-token',
+        service_type: 'object-store',
+        endpoint_region: 'RegionOne',
+        endpoint_adminurl: 'http://127.0.0.1:8080/v1/',
+        endpoint_internalurl: 'http://127.0.0.1:8080/v1/',
+        endpoint_publicurl: 'http://127.0.0.1:8080/v1/',
+        action: [:create_endpoint]
+      )
+    end
+
+    it 'with custom region override' do
+      node.set['openstack']['object-storage']['region'] = 'swiftRegion'
+      expect(chef_run).to create_endpoint_openstack_identity_register(
+         'Register Object Storage Endpoint'
+      ).with(
+        auth_uri: 'http://127.0.0.1:35357/v2.0',
+        bootstrap_token: 'bootstrap-token',
+        service_type: 'object-store',
+        endpoint_region: 'swiftRegion',
+        endpoint_adminurl: 'http://127.0.0.1:8080/v1/',
+        endpoint_internalurl: 'http://127.0.0.1:8080/v1/',
+        endpoint_publicurl: 'http://127.0.0.1:8080/v1/',
+        action: [:create_endpoint]
+      )
+    end
+  end
+
+  it 'registers service tenant' do
+    expect(chef_run).to create_tenant_openstack_identity_register(
+      'Register Service Tenant'
+    ).with(
+      auth_uri: 'http://127.0.0.1:35357/v2.0',
+      bootstrap_token: 'bootstrap-token',
+      tenant_name: 'service',
+      tenant_description: 'Service Tenant',
+      action: [:create_tenant]
+    )
+  end
+
+  it 'registers service user' do
+    expect(chef_run).to create_user_openstack_identity_register(
+      'Register swift User'
+    ).with(
+      auth_uri: 'http://127.0.0.1:35357/v2.0',
+      bootstrap_token: 'bootstrap-token',
+      tenant_name: 'service',
+      user_name: 'swift',
+      user_pass: 'swift-pass',
+      action: [:create_user]
+    )
+  end
+
+  it 'grants admin role to service user for service tenant' do
+    expect(chef_run).to grant_role_openstack_identity_register(
+      "Grant 'admin' Role to swift User for service Tenant"
+    ).with(
+      auth_uri: 'http://127.0.0.1:35357/v2.0',
+      bootstrap_token: 'bootstrap-token',
+      tenant_name: 'service',
+      role_name: 'admin',
+      user_name: 'swift',
+      action: [:grant_role]
+    )
+  end
+end

spec/setup_spec.rb

@@ -12,6 +12,15 @@ describe 'openstack-object-storage::setup' do
     include_context 'swift-stubs'
     include_examples 'keystone-authmode'
 
+    it 'does not include the identity registration recipe' do
+      expect(chef_run).not_to include_recipe('openstack-object-storage::identity_registration')
+    end
+
+    it 'includes the identity registration recipe' do
+      node.set['openstack']['object-storage']['authmode'] = 'keystone'
+      expect(chef_run).to include_recipe('openstack-object-storage::identity_registration')
+    end
+
     # TODO: flush out rest of this spec
   end
 end

spec/spec_helper.rb

@@ -70,6 +70,13 @@ shared_context 'swift-stubs' do
     }
     allow_any_instance_of(Chef::Recipe).to receive(:search).with(:node, 'chef_environment:_default AND roles:swift-setup').and_return([n])
     allow(Chef::Application).to receive(:fatal!)
+
+    allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
+      .with('openstack_identity_bootstrap_token')
+      .and_return('bootstrap-token')
+    allow_any_instance_of(Chef::Recipe).to receive(:get_password)
+      .with('service', 'openstack-object-storage')
+      .and_return('swift-pass')
   end
 end
 
@@ -81,7 +88,8 @@ shared_examples 'keystone-authmode' do
     end
     describe 'keystone authorization mode' do
       before { node.set['openstack']['object-storage']['authmode'] = 'keystone' }
-      it 'does not upgrade keystoneclient package' do
+
+      it 'does upgrade keystoneclient package' do
         expect(chef_run).to upgrade_package('python-keystoneclient')
       end
     end