Merge "Add adminRole option to api config"
This commit is contained in:
commit
43bce752a9
|
@ -1,9 +0,0 @@
|
|||
fixtures:
|
||||
repositories:
|
||||
'keystone': 'git://github.com/openstack/puppet-keystone.git'
|
||||
'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile'
|
||||
'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git'
|
||||
'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
|
||||
'python': 'git://github.com/stankevich/puppet-python.git'
|
||||
symlinks:
|
||||
'monasca': "#{source_dir}"
|
|
@ -0,0 +1,3 @@
|
|||
mod 'wget',
|
||||
:git => "https://github.com/maestrodev/puppet-wget.git",
|
||||
:tag => 'v1.7.3'
|
|
@ -88,6 +88,11 @@
|
|||
# (Optional) Name of the role allowed to write cross tenant metrics.
|
||||
# Defaults to 'monitoring-delegate'.
|
||||
#
|
||||
# [*role_admin*]
|
||||
# (Optional) Name of the role with extended permissions. Includes ability to
|
||||
# publish metrics older than two weeks.
|
||||
# Defaults to 'monasca-admin'.
|
||||
#
|
||||
# [*roles_default*]
|
||||
# (Optional) List with the names of roles allowed to read and write metrics.
|
||||
# Defaults to ['admin','monasca-user', '_member_'].
|
||||
|
@ -130,6 +135,7 @@ class monasca::api (
|
|||
$mon_api_deb = undef,
|
||||
$region_name = 'NA',
|
||||
$role_delegate = 'monitoring-delegate',
|
||||
$role_admin = 'monasca-admin',
|
||||
$roles_agent = ['monasca-agent'],
|
||||
$roles_default = ['admin','monasca-user','_member_'],
|
||||
$roles_read_only = [],
|
||||
|
|
|
@ -107,6 +107,9 @@
|
|||
# [*role_delegate*]
|
||||
# name for the monasca delegate role
|
||||
#
|
||||
# [*role_admin*]
|
||||
# name for the monasca admin role
|
||||
#
|
||||
# [*role_user*]
|
||||
# name for the monasca user role
|
||||
#
|
||||
|
@ -142,6 +145,7 @@ class monasca::keystone::auth (
|
|||
$internal_url = undef,
|
||||
$role_agent = 'monasca-agent',
|
||||
$role_delegate = 'monitoring-delegate',
|
||||
$role_admin = 'monasca-admin',
|
||||
$role_user = 'monasca-user',
|
||||
$user_roles_agent = undef,
|
||||
$user_roles_admin = undef,
|
||||
|
@ -210,6 +214,11 @@ class monasca::keystone::auth (
|
|||
ensure => present,
|
||||
}
|
||||
}
|
||||
if !defined(Keystone_role[$role_admin]) {
|
||||
keystone_role { $role_admin:
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
if !defined(Keystone_role[$role_user]) {
|
||||
keystone_role { $role_user:
|
||||
ensure => present,
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'monasca::api' do
|
||||
|
||||
let :params do
|
||||
{}
|
||||
end
|
||||
|
||||
shared_examples 'monasca-api' do
|
||||
|
||||
context 'with default parameters' do
|
||||
|
||||
it { is_expected.to contain_class('monasca') }
|
||||
it { is_expected.to contain_class('monasca::params') }
|
||||
|
||||
it 'installs monasca-api package and service' do
|
||||
is_expected.to contain_service('monasca-api').with(
|
||||
:name => 'monasca-api',
|
||||
:ensure => 'running',
|
||||
:tag => 'monasca-service',
|
||||
)
|
||||
is_expected.to contain_package('monasca-api').with(
|
||||
:name => 'monasca-api',
|
||||
:ensure => 'latest',
|
||||
:tag => ['openstack', 'monasca-package'],
|
||||
)
|
||||
end
|
||||
|
||||
it 'configures various stuff' do
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*region: NA$/)
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*maxQueryLimit: 10000$/)
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*delegateAuthorizedRole: monitoring-delegate$/)
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*adminRole: monasca-admin$/)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with overridden parameters' do
|
||||
before do
|
||||
params.merge!({
|
||||
:region_name => 'region1',
|
||||
:max_query_limit => 100,
|
||||
:role_delegate => 'monitoring-delegate2',
|
||||
:role_admin => 'monasca-admin2',
|
||||
})
|
||||
end
|
||||
|
||||
it 'configures various stuff' do
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*region: region1$/)
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*maxQueryLimit: 100$/)
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*delegateAuthorizedRole: monitoring-delegate2$/)
|
||||
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*adminRole: monasca-admin2$/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts)
|
||||
end
|
||||
it_behaves_like 'monasca-api'
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,44 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'monasca::keystone::auth' do
|
||||
|
||||
let :params do
|
||||
{}
|
||||
end
|
||||
|
||||
shared_examples 'monasca-keystone-auth' do
|
||||
|
||||
context 'with default parameters' do
|
||||
|
||||
it { is_expected.to contain_class('monasca::params') }
|
||||
|
||||
it 'configures users' do
|
||||
is_expected.to contain_keystone_user('monasca-agent')
|
||||
is_expected.to contain_keystone_user('monasca-user')
|
||||
|
||||
is_expected.to contain_keystone_role('monasca-agent')
|
||||
is_expected.to contain_keystone_role('monitoring-delegate')
|
||||
is_expected.to contain_keystone_role('monasca-admin')
|
||||
is_expected.to contain_keystone_role('monasca-user')
|
||||
|
||||
is_expected.to contain_keystone_user_role('monasca-agent@services').with(
|
||||
:roles => ['monasca-agent', 'monitoring-delegate'],
|
||||
)
|
||||
is_expected.to contain_keystone_user_role('monasca-user@services').with(
|
||||
:roles => ['monasca-user'],
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts)
|
||||
end
|
||||
it_behaves_like 'monasca-keystone-auth'
|
||||
end
|
||||
end
|
||||
end
|
|
@ -79,6 +79,7 @@ middleware:
|
|||
<%- end -%>
|
||||
agentAuthorizedRoles: <%= @roles_agent %>
|
||||
delegateAuthorizedRole: <%= @role_delegate %>
|
||||
adminRole: <%= @role_admin %>
|
||||
adminAuthMethod: <%= @auth_method %>
|
||||
adminUser: <%= @admin_name %>
|
||||
adminPassword: <%= @admin_password %>
|
||||
|
|
Loading…
Reference in New Issue