- Migrate away from using the log resource to using converge_by. This finally
fixes idempotency issues we were having with all of these resources
- Fix :delete action in openstack_domain by disabling the domain prior to
destroying it
- Add missing references to new_resource parameters
- Fix :delete action in openstack_endpoint resource
- Add domain_name property in openstack_project resource. This is required and
would throw a deprecation warning in the backend system.
- Fix logic around user grant/revoke actions
- Cookstyle fixes
Depends-On: https://review.opendev.org/c/openstack/openstack-chef/+/838415
Change-Id: I33601eb5595c794a9a025417ed3bc88cfa6cfaf0
Signed-off-by: Lance Albertson <lance@osuosl.org>
Also loosen the fog-openstack dependency a bit since this is now included in
Chef Workstation and will likely cause issues when doing testing.
Depends-On: https://review.opendev.org/747503
Depends-On: https://review.opendev.org/740342
Change-Id: Iaa0ccfa7dd47a729423fc7ce1115849a282d2511
Signed-off-by: Lance Albertson <lance@osuosl.org>
As project and user names are only unique for each domain and some
Keystone settings may filter user listing, any user or project search by
name needs to include the associated domain.
This change fixes any search done by name of a project or user in the
openstack_user resource. It is
assumed that if no domain is specified and there are multiple elements
with the same name, the first search result is
chosen.
Closes-Bug: #1871144
Change-Id: I0ed3ffabab5f8b0959c3b2c50a3619f378e59c9e
Signed-off-by: Henrique Santos <hfigueiredosantos@tecnico.ulisboa.pt>
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Update delivery configuration to exclude integration cookbooks
Depends-On: https://review.opendev.org/701027
Change-Id: I0bda5cd86c7c3afc89f7a813b5bb2baa56eb3ed8
This is for individual cookbook integration testing.
Depends-On: https://review.opendev.org/702772
Change-Id: I58e1e50abc2b6d5847cc08d022a303f2993db8d8
The new version contains the fix for the issue we were having with
specifying the endpoint_type for connections [0].
[0} https://github.com/fog/fog-openstack/pull/494
Change-Id: I5d2c4d5c61256dcd7d00dc3007df966b350b66b3
This partially reverts commit 1379c2a8c9 and pins the gem to the latest stable release.
Depends-On: https://review.openstack.org/607683
Change-Id: I70c37040ff3a50f61d738e7a6a3111bcefc15a79
The breaking changes of 0.3.1 have been reverted in 0.3.2 and the
changes have been reintroduced in 1.0.0.
Change-Id: I3bb53ef37a0a505adf5c06bf501f3f100632e21d
The update of the fog-openstack ruby gem from 0.12.7 to 0.2.0 breaks
Chef recipes. The first call to cookbook-openstackclient from
cookbook-openstack-identity:recipes/registration.rb fails already with
something like (extract from a kitchen run of openstack-chef-repo):
ERROR: openstack_domain[default] (openstack-identity::registration line 69)
had an error: Fog::Identity::OpenStack::NotFound: Expected([200]) <=>
Actual(404 Not Found)
(http://127.0.0.1:35357/v3/v3/domains): The resource could not be found.
Change-Id: I4d30cb1770b6774b39bfd4e4c413f25816b405df
Unlike the rest of the library, openstack_user's grant_domain and
revoke_domain actions bypass the fog models and call directly into the
requests. It works, but it is inconsistent and confusing.
This patch uses user.grant_role instead of directly calling
connection.grant_domain_user_role. Likewise for revoke_domain.
This patch adds platform and version to the spec files. Without it,
every single test results in this warning:
WARNING: you must specify a 'platform' and 'version' to your ChefSpec Runner and/or Fauxhai constructor, in the future omitting these will become a hard error. A list of available platforms is available at https://github.com/customink/fauxhai/blob/master/PLATFORMS.md
The new comments try to clarify the purpose of the ":grant_domain"
action of the openstack_user resource.
In contrast to what the name may suggest, the action does not grant a
domain (which is not possible). Instead, it grants a role to a user who
is already in a specific domain. The domain attribute is merely used to
identify the user.
For reasonably recent OpenStack releases, users are always created in a
domain (by default in the aptly named 'Default' domain). With this
patch, a new domain name attribute can be passed to the openstack_user's
:create action in order to create a user in a specific domain.
If the project tenant is given when creating the user account,
honor it by assigning that as the _default_ project tenant.
This is especially helpful when creating initial service accounts and
assigning them to the `service` project).