From e3db2693b50d9d950adc6119135403eb235335ab Mon Sep 17 00:00:00 2001 From: ericzhou Date: Wed, 5 Mar 2014 16:07:23 +0800 Subject: [PATCH] Create tenant/user and grant admin role for metering. Create tenant/user and grant admin role for metering. Change-Id: Ia1803d7b7b34bf48fd1282785967ac82a571a8a9 Closes-Bug: #1288047 --- README.md | 2 +- attributes/default.rb | 1 + metadata.rb | 2 +- recipes/common.rb | 2 +- recipes/identity_registration.rb | 36 ++++++++++++++++ spec/identity_registration_spec.rb | 68 ++++++++++++++++++++---------- spec/spec_helper.rb | 4 +- 7 files changed, 88 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index aef6cc0..e7241cf 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ common identity_registration ---- -- Registers the endpoints with Keystone. +- Registers the endpoints, tenant and user for metering service with Keystone. Attributes ========== diff --git a/attributes/default.rb b/attributes/default.rb index 1c5e581..6264c15 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -38,6 +38,7 @@ default['openstack']['metering']['group'] = 'ceilometer' default['openstack']['metering']['region'] = node['openstack']['region'] default['openstack']['metering']['service_user'] = 'ceilometer' default['openstack']['metering']['service_tenant_name'] = 'service' +default['openstack']['metering']['service_role'] = 'admin' case platform when 'suse' # :pragma-foodcritic: ~FC024 - won't fix this diff --git a/metadata.rb b/metadata.rb index 03f998e..2692c98 100644 --- a/metadata.rb +++ b/metadata.rb @@ -12,7 +12,7 @@ recipe 'openstack-metering::api', 'Installs API service.' recipe 'openstack-metering::client', 'Installs client.' recipe 'openstack-metering::collector', 'Installs nova network service.' recipe 'openstack-metering::common', 'Common metering configuration.' -recipe 'openstack-metering::identity_registration', 'Registers the endpoints with Keystone' +recipe 'openstack-metering::identity_registration', 'Registers the endpoints, tenant and user for metering service with Keystone' %w{ ubuntu suse }.each do |os| supports os diff --git a/recipes/common.rb b/recipes/common.rb index 9332697..d99901e 100644 --- a/recipes/common.rb +++ b/recipes/common.rb @@ -42,7 +42,7 @@ db_pass = get_password 'db', 'ceilometer' db_uri = db_uri('metering', db_user, db_pass).to_s service_user = node['openstack']['metering']['service_user'] -service_pass = get_password 'service', 'openstack-compute' +service_pass = get_password 'service', 'openstack-ceilometer' service_tenant = node['openstack']['metering']['service_tenant_name'] identity_endpoint = endpoint 'identity-api' diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index 6f69471..ef3ce65 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -28,6 +28,42 @@ api_endpoint = endpoint 'metering-api' identity_admin_endpoint = endpoint 'identity-admin' bootstrap_token = secret 'secrets', 'openstack_identity_bootstrap_token' auth_uri = ::URI.decode identity_admin_endpoint.to_s +service_pass = get_password 'service', 'openstack-ceilometer' +service_user = node['openstack']['metering']['service_user'] +service_role = node['openstack']['metering']['service_role'] +service_tenant_name = node['openstack']['metering']['service_tenant_name'] + +# Register Service Tenant +openstack_identity_register 'Register Service Tenant' do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + tenant_description 'Service Tenant' + + action :create_tenant +end + +# Register Service User +openstack_identity_register 'Register Service User' do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + user_pass service_pass + + action :create_user +end + +# Grant Admin role to Service User for Service Tenant +openstack_identity_register "Grant 'admin' Role to Service User for Service Tenant" do + auth_uri auth_uri + bootstrap_token bootstrap_token + tenant_name service_tenant_name + user_name service_user + role_name service_role + + action :grant_role +end openstack_identity_register 'Register Metering Service' do auth_uri auth_uri diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb index 8c2c6db..4d8bb3f 100644 --- a/spec/identity_registration_spec.rb +++ b/spec/identity_registration_spec.rb @@ -8,36 +8,64 @@ describe 'openstack-metering::identity_registration' do @chef_run.converge 'openstack-metering::identity_registration' end - it 'registers metering service' do - resource = @chef_run.find_resource( - 'openstack-identity_register', - 'Register Metering Service' - ).to_hash + it 'registers service tenant' do + expect(@chef_run).to create_tenant_openstack_identity_register( + 'Register Service Tenant' + ).with( + auth_uri: 'http://127.0.0.1:35357/v2.0', + bootstrap_token: 'bootstrap-token', + tenant_name: 'service', + tenant_description: 'Service Tenant' + ) + end - expect(resource).to include( + it 'registers service user' do + expect(@chef_run).to create_user_openstack_identity_register( + 'Register Service User' + ).with( + auth_uri: 'http://127.0.0.1:35357/v2.0', + bootstrap_token: 'bootstrap-token', + tenant_name: 'service', + user_name: 'ceilometer', + user_pass: 'ceilometer-pass' + ) + end + + it 'grants admin role to service user for service tenant' do + expect(@chef_run).to grant_role_openstack_identity_register( + "Grant 'admin' Role to Service User for Service Tenant" + ).with( + auth_uri: 'http://127.0.0.1:35357/v2.0', + bootstrap_token: 'bootstrap-token', + tenant_name: 'service', + user_name: 'ceilometer', + role_name: 'admin', + action: [:grant_role] + ) + end + + it 'registers metering service' do + expect(@chef_run).to create_service_openstack_identity_register( + 'Register Metering Service' + ).with( auth_uri: 'http://127.0.0.1:35357/v2.0', bootstrap_token: 'bootstrap-token', service_name: 'ceilometer', - service_type: 'metering', - action: [:create_service] + service_type: 'metering' ) end it 'registers metering endpoint' do - resource = @chef_run.find_resource( - 'openstack-identity_register', + expect(@chef_run).to create_endpoint_openstack_identity_register( 'Register Metering Endpoint' - ).to_hash - - expect(resource).to include( + ).with( auth_uri: 'http://127.0.0.1:35357/v2.0', bootstrap_token: 'bootstrap-token', service_type: 'metering', endpoint_region: 'RegionOne', endpoint_adminurl: 'http://127.0.0.1:8777', endpoint_internalurl: 'http://127.0.0.1:8777', - endpoint_publicurl: 'http://127.0.0.1:8777', - action: [:create_endpoint] + endpoint_publicurl: 'http://127.0.0.1:8777' ) end @@ -47,14 +75,10 @@ describe 'openstack-metering::identity_registration' do end @chef_run.converge 'openstack-metering::identity_registration' - resource = @chef_run.find_resource( - 'openstack-identity_register', + expect(@chef_run).to create_endpoint_openstack_identity_register( 'Register Metering Endpoint' - ).to_hash - - expect(resource).to include( - endpoint_region: 'meteringRegion', - action: [:create_endpoint] + ).with( + endpoint_region: 'meteringRegion' ) end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index ea95f73..d1f890f 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -27,8 +27,8 @@ def metering_stubs # rubocop:disable MethodLength .with('db', anything) .and_return('') ::Chef::Recipe.any_instance.stub(:get_password) - .with('service', anything) - .and_return('') + .with('service', 'openstack-ceilometer') + .and_return('ceilometer-pass') ::Chef::Recipe.any_instance.stub(:get_password) .with('user', 'guest') .and_return('rabbit-pass')