Heat Fixes
- currently non-admin users aren't able to create stacks with e.g. the resource OS::Heat::SoftwareDeployment - added heat domain, heat domain_admin, heat_stack_owner and user role - added missing configuration options - fixed some smaller ruby/cookstyle offenses Change-Id: I6ae544dcc6260050304e66e227383e0e944a6bb6
parent
032dd3c51a
commit
cb26f25be4
15
Berksfile
15
Berksfile
|
@ -1,11 +1,10 @@
|
|||
source "https://supermarket.chef.io"
|
||||
source 'https://supermarket.chef.io'
|
||||
|
||||
metadata
|
||||
|
||||
cookbook "openstack-identity",
|
||||
github: "openstack/cookbook-openstack-identity"
|
||||
cookbook "openstack-common",
|
||||
github: "openstack/cookbook-openstack-common"
|
||||
cookbook "openstackclient",
|
||||
github: "cloudbau/cookbook-openstackclient"
|
||||
|
||||
cookbook 'openstack-identity',
|
||||
github: 'openstack/cookbook-openstack-identity'
|
||||
cookbook 'openstack-common',
|
||||
github: 'openstack/cookbook-openstack-common'
|
||||
cookbook 'openstackclient',
|
||||
github: 'cloudbau/cookbook-openstackclient'
|
||||
|
|
31
Rakefile
31
Rakefile
|
@ -1,40 +1,39 @@
|
|||
task default: ["test"]
|
||||
task default: ['test']
|
||||
|
||||
task :test => [:syntax, :lint, :unit]
|
||||
task test: [:syntax, :lint, :unit]
|
||||
|
||||
desc "Vendor the cookbooks in the Berksfile"
|
||||
desc 'Vendor the cookbooks in the Berksfile'
|
||||
task :berks_prep do
|
||||
sh %{chef exec berks vendor}
|
||||
sh %(chef exec berks vendor)
|
||||
end
|
||||
|
||||
desc "Run FoodCritic (syntax) tests"
|
||||
desc 'Run FoodCritic (syntax) tests'
|
||||
task :syntax do
|
||||
sh %{chef exec foodcritic --exclude spec -f any .}
|
||||
sh %(chef exec foodcritic --exclude spec -f any .)
|
||||
end
|
||||
|
||||
desc "Run RuboCop (lint) tests"
|
||||
desc 'Run RuboCop (lint) tests'
|
||||
task :lint do
|
||||
sh %{chef exec cookstyle}
|
||||
sh %(chef exec cookstyle)
|
||||
end
|
||||
|
||||
desc "Run RSpec (unit) tests"
|
||||
task :unit => :berks_prep do
|
||||
sh %{chef exec rspec --format documentation}
|
||||
desc 'Run RSpec (unit) tests'
|
||||
task unit: :berks_prep do
|
||||
sh %(chef exec rspec --format documentation)
|
||||
end
|
||||
|
||||
desc "Remove the berks-cookbooks directory and the Berksfile.lock"
|
||||
desc 'Remove the berks-cookbooks directory and the Berksfile.lock'
|
||||
task :clean do
|
||||
rm_rf [
|
||||
'berks-cookbooks',
|
||||
'Berksfile.lock'
|
||||
'Berksfile.lock',
|
||||
]
|
||||
end
|
||||
|
||||
desc "All-in-One Neutron build Infra using Common task"
|
||||
desc 'All-in-One Neutron build Infra using Common task'
|
||||
task :integration do
|
||||
# Use the common integration task
|
||||
sh %(wget -nv -t 3 -O Rakefile-Common https://raw.githubusercontent.com/openstack/cookbook-openstack-common/master/Rakefile)
|
||||
load './Rakefile-Common'
|
||||
Rake::Task["common_integration"].invoke
|
||||
Rake::Task['common_integration'].invoke
|
||||
end
|
||||
|
||||
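Review bot: The `integration` task fetches `Rakefile-Common` from the `master` branch of another repository and then runs it with `load './Rakefile-Common'`, so whatever sits at that ref at run time executes with the invoking user's rights and nothing verifies its integrity. These lines are untouched by this style cleanup, but they are worth hardening: fetch a fixed tag or commit instead of `master` and compare a checksum before the `load`, or vendor the file into this repository. The remaining edits in this file are quote and hash-syntax changes only.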
|
|
|
@ -18,6 +18,8 @@
|
|||
#
|
||||
|
||||
default['openstack']['orchestration']['conf']['DEFAULT']['log_dir'] = '/var/log/heat'
|
||||
default['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin'] = 'heat_domain_admin'
|
||||
default['openstack']['orchestration']['conf']['DEFAULT']['stack_user_domain_name'] = 'heat'
|
||||
default['openstack']['orchestration']['conf']['oslo_messaging_notifications']['driver'] = 'heat.openstack.common.notifier.rpc_notifier'
|
||||
default['openstack']['orchestration']['conf']['keystone_authtoken']['auth_type'] = 'v3password'
|
||||
default['openstack']['orchestration']['conf']['keystone_authtoken']['username'] = 'heat'
|
||||
|
|
|
@ -50,6 +50,7 @@ end
|
|||
|
||||
db_user = node['openstack']['db']['orchestration']['username']
|
||||
db_pass = get_password 'db', 'heat'
|
||||
stack_domain_admin = node['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin']
|
||||
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
|
@ -97,6 +98,8 @@ node.default['openstack']['orchestration']['conf_secrets'].tap do |conf_secrets|
|
|||
get_password 'service', 'openstack-orchestration'
|
||||
conf_secrets['trustee']['password'] =
|
||||
get_password 'service', 'openstack-orchestration'
|
||||
conf_secrets['DEFAULT']['stack_domain_admin_password'] =
|
||||
get_password 'user', stack_domain_admin
|
||||
end
|
||||
|
||||
# merge all config options and secrets to be used in the heat.conf
|
||||
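Review bot: `conf_secrets['DEFAULT']['stack_domain_admin_password']` places the domain admin password in `node.default` attributes, and Chef saves node attributes with the node object at the end of a converge unless they are removed first. The rest of the recipe is outside this hunk, so confirm that `conf_secrets` is cleared once heat.conf has been rendered and that the template resource is marked `sensitive true`, so the new secret does not end up in the node data or in converge logs. The same applies to the existing `trustee` password set just above.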
|
|
|
@ -34,7 +34,8 @@ public_heat_endpoint = public_endpoint 'orchestration-api'
|
|||
admin_heat_cfn_endpoint = admin_endpoint 'orchestration-api-cfn'
|
||||
internal_heat_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
|
||||
public_heat_cfn_endpoint = public_endpoint 'orchestration-api-cfn'
|
||||
|
||||
stack_domain_admin = node['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin']
|
||||
stack_domain_admin_password = get_password 'user', stack_domain_admin
|
||||
service_pass = get_password 'service', 'openstack-orchestration'
|
||||
service_project_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['project_name']
|
||||
service_user = node['openstack']['orchestration']['conf']['keystone_authtoken']['username']
|
||||
|
@ -42,6 +43,7 @@ service_role = node['openstack']['orchestration']['service_role']
|
|||
service_type = 'orchestration'
|
||||
service_name = 'heat'
|
||||
service_domain_name = node['openstack']['orchestration']['conf']['keystone_authtoken']['user_domain_name']
|
||||
heat_domain_name = node['openstack']['orchestration']['conf']['DEFAULT']['stack_user_domain_name']
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||
admin_project = node['openstack']['identity']['admin_project']
|
||||
|
@ -184,3 +186,30 @@ openstack_user service_user do
|
|||
connection_params connection_params
|
||||
action :grant_domain
|
||||
end
|
||||
|
||||
openstack_domain heat_domain_name do
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_user stack_domain_admin do
|
||||
domain_name heat_domain_name
|
||||
role_name 'admin'
|
||||
password stack_domain_admin_password
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_user stack_domain_admin do
|
||||
domain_name heat_domain_name
|
||||
role_name 'admin'
|
||||
user_name stack_domain_admin
|
||||
connection_params connection_params
|
||||
action :grant_role
|
||||
end
|
||||
|
||||
openstack_role 'heat_stack_owner' do
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_role 'heat_stack_user' do
|
||||
connection_params connection_params
|
||||
end
|
||||
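Review bot: The `admin` role for `stack_domain_admin` is granted with `action :grant_role` and only a `domain_name`, whereas the service user at the top of this hunk uses `action :grant_domain` for its domain-scoped grant. Heat's domain admin should hold `admin` on the heat domain only, so if `:grant_role` in the openstackclient cookbook is project-scoped (not visible here, please confirm), `action :grant_domain` looks like the intended call and keeps the privilege confined to that domain. The first `openstack_user stack_domain_admin` block also sets `role_name 'admin'` on what appears to be a plain create, where it is probably unused and could be dropped. Both blocks share one resource name, so a short comment such as `# create the user, then grant admin on the heat domain` would help readers tell them apart.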
|
|
|
@ -19,6 +19,8 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
service_name = 'heat'
|
||||
service_type = 'orchestration'
|
||||
service_user = 'heat'
|
||||
stack_domain_admin = 'heat_domain_admin'
|
||||
stack_domain_name = 'heat'
|
||||
url = 'http://127.0.0.1:8004/v1/%(tenant_id)s'
|
||||
region = 'RegionOne'
|
||||
project_name = 'service'
|
||||
|
@ -80,6 +82,22 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_openstack_role(
|
||||
'heat_stack_owner'
|
||||
).with(
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_openstack_role(
|
||||
'heat_stack_user'
|
||||
).with(
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to grant_role_openstack_user(
|
||||
service_user
|
||||
|
@ -91,6 +109,24 @@ describe 'openstack-orchestration::identity_registration' do
|
|||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_openstack_domain(
|
||||
stack_domain_name
|
||||
).with(
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to grant_role_openstack_user(
|
||||
stack_domain_admin
|
||||
).with(
|
||||
domain_name: stack_domain_name,
|
||||
role_name: 'admin',
|
||||
password: password,
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
it 'register heat cloudformation service' do
|
||||
expect(chef_run).to create_openstack_service(
|
||||
'heat-cfn'
|
||||
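Review bot: No example covers creation of the `stack_domain_admin` user, and the added `grant_role_openstack_user(stack_domain_admin)` example asserts `password: password`, a property the recipe's `:grant_role` block for that user does not appear to set (it sets `user_name` instead). Consider adding a `create_openstack_user(stack_domain_admin)` expectation with `domain_name`, `password` and `connection_params`, and dropping `password:` from the grant expectation unless the resource really carries it. `password` is defined outside this hunk, so check which secret it refers to.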
|
|
|
@ -46,6 +46,9 @@ shared_context 'orchestration_stubs' do
|
|||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('service', 'openstack-orchestration')
|
||||
.and_return 'heat-pass'
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'heat_domain_admin')
|
||||
.and_return 'heat-pass'
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'admin')
|
||||
.and_return 'admin-pass'
|
||||
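Review bot: The new stub returns `'heat-pass'` for `('user', 'heat_domain_admin')`, the same value the `('service', 'openstack-orchestration')` stub above it returns, so no spec can tell whether the recipe used the domain admin secret or the service secret. Return a distinct constructed value, for example `.and_return 'heat_domain_pass'`, and assert on it wherever `stack_domain_admin_password` is passed or rendered. The `shared_context` body continues outside this hunk.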
|
|