Update keystone::auth to match latest pattern.

Most of our modules allow deployers to specify public_url, internal_url
and admin_url.

Tuskar is still doing it the old way by making a deployer to specify
public_port, public_address and public_protocol. This commit aims to
bring tuskar keystone::auth class up to date with the other modules

Sources :

 * nova: https://raw.githubusercontent.com/openstack/puppet-nova/master/manifests/keystone/auth.pp
 * cinder: https://raw.githubusercontent.com/openstack/puppet-cinder/master/manifests/keystone/auth.pp

Change-Id: I6137858838708ced8089072b280ce419d5bb98f5
This commit is contained in:
Yanis Guenane 2015-10-14 13:58:58 +02:00
parent 52120a9c64
commit 65c86d981a
2 changed files with 149 additions and 20 deletions

View File

@ -36,6 +36,18 @@
# [*configure_endpoint*]
# Should Tuskar endpoint be configured? Defaults to 'true'.
#
# [*configure_user*]
# (Optional) Should the service user be configured?
# Defaults to 'true'.
#
# [*configure_user_role*]
# (Optional) Should the admin role be configured for the service user?
# Defaults to 'true'.
#
# [*service_name*]
# (Optional) Name of the service.
# Defaults to the value of auth_name, but must differ from the value.
#
# [*service_type*]
# Type of service. Defaults to 'management'.
#
@ -43,32 +55,51 @@
# Description for keystone service. Optional. Defaults to 'Tuskar Management Service'.
#
# [*public_protocol*]
# (optional) DEPRECATED: Use public_url instead.
# Protocol for public endpoint. Defaults to 'http'.
#
# [*public_address*]
# (optional) DEPRECATED: Use public_url instead.
# Public address for endpoint. Defaults to '127.0.0.1'.
#
# [*admin_protocol*]
# (optional) DEPRECATED: Use admin_url instead.
# Protocol for admin endpoint. Defaults to 'http'.
#
# [*admin_address*]
# (optional) DEPRECATED: Use admin_url instead.
# Admin address for endpoint. Defaults to '127.0.0.1'.
#
# [*internal_protocol*]
# (optional) DEPRECATED: Use internal_url instead.
# Protocol for internal endpoint. Defaults to 'http'.
#
# [*internal_address*]
# (optional) DEPRECATED: Use internal_url instead.
# Internal address for endpoint. Defaults to '127.0.0.1'.
#
# [*port*]
# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead.
# Port for endpoint. Defaults to '8585'.
#
# [*public_port*]
# (optional) DEPRECATED: Use public_url instead.
# Port for public endpoint. Defaults to $port.
#
# [*region*]
# Region for endpoint. Defaults to 'RegionOne'.
#
# [*public_url*]
# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8585')
# This url should *not* contain any trailing '/'.
#
# [*admin_url*]
# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8585')
# This url should *not* contain any trailing '/'.
#
# [*internal_url*]
# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8585')
# This url should *not* contain any trailing '/'.
#
class tuskar::keystone::auth (
$password,
@ -76,41 +107,107 @@ class tuskar::keystone::auth (
$email = 'tuskar@localhost',
$tenant = 'services',
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
$service_name = undef,
$service_type = 'management',
$service_description = 'Tuskar Management Service',
$public_protocol = 'http',
$public_address = '127.0.0.1',
$admin_protocol = 'http',
$admin_address = '127.0.0.1',
$internal_protocol = 'http',
$internal_address = '127.0.0.1',
$port = '8585',
$region = 'RegionOne',
$public_url = 'http://127.0.0.1:8585',
$admin_url = 'http://127.0.0.1:8585',
$internal_url = 'http://127.0.0.1:8585',
# DEPRECATED
$port = undef,
$public_protocol = undef,
$public_address = undef,
$admin_protocol = undef,
$admin_address = undef,
$internal_protocol = undef,
$internal_address = undef,
$public_port = undef,
$region = 'RegionOne'
) {
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'tuskar-api' |>
Keystone_endpoint["${region}/${auth_name}"] ~> Service <| name == 'tuskar-api' |>
if ! $public_port {
$real_public_port = $port
} else {
$real_public_port = $public_port
if $port {
warning('The port parameter is deprecated, use public_url, internal_url and admin_url instead.')
}
if $public_port {
warning('The public_port parameter is deprecated, use public_url instead.')
}
if $public_protocol {
warning('The public_protocol parameter is deprecated, use public_url instead.')
}
if $public_address {
warning('The public_address parameter is deprecated, use public_url instead.')
}
if $internal_protocol {
warning('The internal_protocol parameter is deprecated, use internal_url instead.')
}
if $internal_address {
warning('The internal_address parameter is deprecated, use internal_url instead.')
}
if $admin_address {
warning('The admin_address parameter is deprecated, use admin_url instead.')
}
if $admin_protocol {
warning('The admin_protocol parameter is deprecated, use admin_url instead.')
}
if ($public_protocol or $public_address or $port or $public_port) {
$public_url_real = sprintf('%s://%s:%s',
pick($public_protocol, 'http'),
pick($public_address, '127.0.0.1'),
pick($public_port, $port, '8585'))
} else {
$public_url_real = $public_url
}
if ($admin_protocol or $admin_address or $port) {
$admin_url_real = sprintf('%s://%s:%s',
pick($admin_protocol, 'http'),
pick($admin_address, '127.0.0.1'),
pick($port, '8585'))
} else {
$admin_url_real = $admin_url
}
if ($internal_protocol or $internal_address or $port) {
$internal_url_real = sprintf('%s://%s:%s',
pick($internal_protocol, 'http'),
pick($internal_address, '127.0.0.1'),
pick($port, '8585'))
} else {
$internal_url_real = $internal_url
}
$real_service_name = pick($service_name, $auth_name)
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'tuskar-api' |>
}
Keystone_endpoint["${region}/${auth_name}"] ~> Service <| name == 'tuskar-api' |>
keystone::resource::service_identity { $auth_name:
configure_user => true,
configure_user_role => true,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
configure_endpoint => $configure_endpoint,
service_name => $real_service_name,
service_type => $service_type,
service_description => $service_description,
region => $region,
password => $password,
email => $email,
tenant => $tenant,
public_url => "${public_protocol}://${public_address}:${real_public_port}",
internal_url => "${internal_protocol}://${internal_address}:${port}",
admin_url => "${admin_protocol}://${admin_address}:${port}",
public_url => $public_url_real,
internal_url => $internal_url_real,
admin_url => $admin_url_real,
}
}

View File

@ -40,6 +40,22 @@ describe 'tuskar::keystone::auth' do
) }
end
describe 'with endpoint parameters' do
let :params do
{ :password => 'tuskar_password',
:public_url => 'https://10.0.0.10:8585',
:admin_url => 'https://10.0.0.11:8585',
:internal_url => 'https://10.0.0.11:8585' }
end
it { is_expected.to contain_keystone_endpoint('RegionOne/tuskar').with(
:ensure => 'present',
:public_url => 'https://10.0.0.10:8585',
:admin_url => 'https://10.0.0.11:8585',
:internal_url => 'https://10.0.0.11:8585'
) }
end
describe 'when configuring tuskar-server' do
let :pre_condition do
"class { 'tuskar::server': auth_password => 'test' }"
@ -81,4 +97,20 @@ describe 'tuskar::keystone::auth' do
it { is_expected.to contain_keystone_service('tuskary') }
it { is_expected.to contain_keystone_endpoint('RegionOne/tuskary') }
end
describe 'when overriding various parameters' do
let :params do
{ :password => 'foo',
:service_name => 'mytuskar',
:configure_user => false,
:configure_user_role => false }
end
it { is_expected.to contain_keystone__resource__service_identity('tuskar').with(
:service_name => 'mytuskar',
:configure_user => false,
:configure_user_role => false,
) }
end
end