Use common resource to manage keystone resources

The puppet-keystone module provides the common defined resource type to manage all resources needed to integrate a service to keystone. This replaces the existing bare implementation by the common resource. Change-Id: Ibec4407b2816869d62478de0ea5a780a70c08ffb
2024-01-02 17:51:07 +09:00 · 2024-01-02 17:51:07 +09:00 · 21555c537f
parent 2bbb88eeee
commit 21555c537f
2 changed files with 33 additions and 45 deletions
--- a/manifests/rgw/keystone/auth.pp
+++ b/manifests/rgw/keystone/auth.pp
@ -66,31 +66,24 @@ class ceph::rgw::keystone::auth (
  include openstacklib::openstackclient
-  ensure_resource('keystone_service', "${service_name}::${service_type}", {
+  Keystone::Resource::Service_identity['rgw'] -> Service<| tag == 'ceph-radosgw' |>
    'ensure'      => 'present',
    'description' => $service_description,
  } )
-  ensure_resource('keystone_endpoint', "${region}/${service_name}::${service_type}", {
+  keystone::resource::service_identity { 'rgw':
-    'ensure'       => 'present',
+    configure_user      => true,
-    'public_url'   => $public_url,
+    configure_user_role => true,
-    'admin_url'    => $admin_url,
+    configure_endpoint  => true,
-    'internal_url' => $internal_url,
+    service_name        => $service_name,
-  } )
+    service_type        => $service_type,
-
+    service_description => $service_description,
-  keystone_user { $user:
+    region              => $region,
-    ensure   => present,
+    auth_name           => $user,
-    password => $password,
+    password            => $password,
-    email    => $email,
+    email               => $email,
-  }
+    tenant              => $tenant,
-
+    roles               => $roles,
-  ensure_resource('keystone_role', $roles, {
+    public_url          => $public_url,
-    'ensure' => 'present'
+    internal_url        => $internal_url,
-  } )
+    admin_url           => $admin_url,
  keystone_user_role { "${user}@${tenant}":
    ensure => present,
    roles  => $roles,
  }
 }
--- a/spec/classes/ceph_rgw_keystone_auth_spec.rb
+++ b/spec/classes/ceph_rgw_keystone_auth_spec.rb
@ -13,27 +13,22 @@ describe 'ceph::rgw::keystone::auth' do
    it {
      should contain_class('openstacklib::openstackclient')
-      should contain_keystone_service('swift::object-store').with(
+      should contain_keystone__resource__service_identity('rgw').with(
-        :ensure      => 'present',
+        :configure_user      => true,
-        :description => 'Ceph RGW Service',
+        :configure_endpoint  => true,
-      )
+        :configure_user_role => true,
-      should contain_keystone_endpoint('RegionOne/swift::object-store').with(
+        :service_name        => 'swift',
-        :ensure       => 'present',
+        :service_type        => 'object-store',
-        :public_url   => 'http://127.0.0.1:8080/swift/v1',
+        :service_description => 'Ceph RGW Service',
-        :admin_url    => 'http://127.0.0.1:8080/swift/v1',
+        :region              => 'RegionOne',
-        :internal_url => 'http://127.0.0.1:8080/swift/v1',
+        :auth_name           => 'rgw_user',
-      )
+        :password            => 'rgw_password',
-      should contain_keystone_user('rgw_user').with(
+        :email               => 'rgwuser@localhost',
-        :ensure   => 'present',
+        :tenant              => 'services',
-        :password => 'rgw_password',
+        :roles               => ['admin'],
-        :email    => 'rgwuser@localhost',
+        :public_url          => 'http://127.0.0.1:8080/swift/v1',
-      )
+        :admin_url           => 'http://127.0.0.1:8080/swift/v1',
-      should contain_keystone_role('admin').with(
+        :internal_url        => 'http://127.0.0.1:8080/swift/v1',
        :ensure => 'present',
      )
      should contain_keystone_user_role('rgw_user@services').with(
        :ensure => 'present',
        :roles  => ['admin'],
      )
    }
  end