Merge "Add adminRole option to api config"

This commit is contained in:
Jenkins 2016-12-01 01:13:30 +00:00 committed by Gerrit Code Review
commit 43bce752a9
7 changed files with 129 additions and 9 deletions

View File

@ -1,9 +0,0 @@
fixtures:
repositories:
'keystone': 'git://github.com/openstack/puppet-keystone.git'
'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile'
'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git'
'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
'python': 'git://github.com/stankevich/puppet-python.git'
symlinks:
'monasca': "#{source_dir}"

3
Puppetfile_extras Normal file
View File

@ -0,0 +1,3 @@
mod 'wget',
:git => "https://github.com/maestrodev/puppet-wget.git",
:tag => 'v1.7.3'

View File

@ -88,6 +88,11 @@
# (Optional) Name of the role allowed to write cross tenant metrics.
# Defaults to 'monitoring-delegate'.
#
# [*role_admin*]
# (Optional) Name of the role with extended permissions. Includes ability to
# publish metrics older than two weeks.
# Defaults to 'monasca-admin'.
#
# [*roles_default*]
# (Optional) List with the names of roles allowed to read and write metrics.
# Defaults to ['admin','monasca-user', '_member_'].
@ -130,6 +135,7 @@ class monasca::api (
$mon_api_deb = undef,
$region_name = 'NA',
$role_delegate = 'monitoring-delegate',
$role_admin = 'monasca-admin',
$roles_agent = ['monasca-agent'],
$roles_default = ['admin','monasca-user','_member_'],
$roles_read_only = [],

View File

@ -107,6 +107,9 @@
# [*role_delegate*]
# name for the monasca delegate role
#
# [*role_admin*]
# name for the monasca admin role
#
# [*role_user*]
# name for the monasca user role
#
@ -142,6 +145,7 @@ class monasca::keystone::auth (
$internal_url = undef,
$role_agent = 'monasca-agent',
$role_delegate = 'monitoring-delegate',
$role_admin = 'monasca-admin',
$role_user = 'monasca-user',
$user_roles_agent = undef,
$user_roles_admin = undef,
@ -210,6 +214,11 @@ class monasca::keystone::auth (
ensure => present,
}
}
if !defined(Keystone_role[$role_admin]) {
keystone_role { $role_admin:
ensure => present,
}
}
if !defined(Keystone_role[$role_user]) {
keystone_role { $role_user:
ensure => present,

View File

@ -0,0 +1,66 @@
require 'spec_helper'
describe 'monasca::api' do
let :params do
{}
end
shared_examples 'monasca-api' do
context 'with default parameters' do
it { is_expected.to contain_class('monasca') }
it { is_expected.to contain_class('monasca::params') }
it 'installs monasca-api package and service' do
is_expected.to contain_service('monasca-api').with(
:name => 'monasca-api',
:ensure => 'running',
:tag => 'monasca-service',
)
is_expected.to contain_package('monasca-api').with(
:name => 'monasca-api',
:ensure => 'latest',
:tag => ['openstack', 'monasca-package'],
)
end
it 'configures various stuff' do
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*region: NA$/)
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*maxQueryLimit: 10000$/)
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*delegateAuthorizedRole: monitoring-delegate$/)
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*adminRole: monasca-admin$/)
end
end
context 'with overridden parameters' do
before do
params.merge!({
:region_name => 'region1',
:max_query_limit => 100,
:role_delegate => 'monitoring-delegate2',
:role_admin => 'monasca-admin2',
})
end
it 'configures various stuff' do
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*region: region1$/)
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*maxQueryLimit: 100$/)
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*delegateAuthorizedRole: monitoring-delegate2$/)
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*adminRole: monasca-admin2$/)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts)
end
it_behaves_like 'monasca-api'
end
end
end

View File

@ -0,0 +1,44 @@
require 'spec_helper'
describe 'monasca::keystone::auth' do
let :params do
{}
end
shared_examples 'monasca-keystone-auth' do
context 'with default parameters' do
it { is_expected.to contain_class('monasca::params') }
it 'configures users' do
is_expected.to contain_keystone_user('monasca-agent')
is_expected.to contain_keystone_user('monasca-user')
is_expected.to contain_keystone_role('monasca-agent')
is_expected.to contain_keystone_role('monitoring-delegate')
is_expected.to contain_keystone_role('monasca-admin')
is_expected.to contain_keystone_role('monasca-user')
is_expected.to contain_keystone_user_role('monasca-agent@services').with(
:roles => ['monasca-agent', 'monitoring-delegate'],
)
is_expected.to contain_keystone_user_role('monasca-user@services').with(
:roles => ['monasca-user'],
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts)
end
it_behaves_like 'monasca-keystone-auth'
end
end
end

View File

@ -79,6 +79,7 @@ middleware:
<%- end -%>
agentAuthorizedRoles: <%= @roles_agent %>
delegateAuthorizedRole: <%= @role_delegate %>
adminRole: <%= @role_admin %>
adminAuthMethod: <%= @auth_method %>
adminUser: <%= @admin_name %>
adminPassword: <%= @admin_password %>