Add adminRole option to api config
Includes basic tests for the affected classes and params Change-Id: I9e819bb89a2101c902aae8d17eef5e0adc8c7e86
This commit is contained in:
parent
c1c9f0dd52
commit
54ddc2f9b4
|
@ -1,9 +0,0 @@
|
||||||
fixtures:
|
|
||||||
repositories:
|
|
||||||
'keystone': 'git://github.com/openstack/puppet-keystone.git'
|
|
||||||
'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile'
|
|
||||||
'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git'
|
|
||||||
'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
|
|
||||||
'python': 'git://github.com/stankevich/puppet-python.git'
|
|
||||||
symlinks:
|
|
||||||
'monasca': "#{source_dir}"
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
mod 'wget',
|
||||||
|
:git => "https://github.com/maestrodev/puppet-wget.git",
|
||||||
|
:tag => 'v1.7.3'
|
|
@ -88,6 +88,11 @@
|
||||||
# (Optional) Name of the role allowed to write cross tenant metrics.
|
# (Optional) Name of the role allowed to write cross tenant metrics.
|
||||||
# Defaults to 'monitoring-delegate'.
|
# Defaults to 'monitoring-delegate'.
|
||||||
#
|
#
|
||||||
|
# [*role_admin*]
|
||||||
|
# (Optional) Name of the role with extended permissions. Includes ability to
|
||||||
|
# publish metrics older than two weeks.
|
||||||
|
# Defaults to 'monasca-admin'.
|
||||||
|
#
|
||||||
# [*roles_default*]
|
# [*roles_default*]
|
||||||
# (Optional) List with the names of roles allowed to read and write metrics.
|
# (Optional) List with the names of roles allowed to read and write metrics.
|
||||||
# Defaults to ['admin','monasca-user', '_member_'].
|
# Defaults to ['admin','monasca-user', '_member_'].
|
||||||
|
@ -130,6 +135,7 @@ class monasca::api (
|
||||||
$mon_api_deb = undef,
|
$mon_api_deb = undef,
|
||||||
$region_name = 'NA',
|
$region_name = 'NA',
|
||||||
$role_delegate = 'monitoring-delegate',
|
$role_delegate = 'monitoring-delegate',
|
||||||
|
$role_admin = 'monasca-admin',
|
||||||
$roles_agent = ['monasca-agent'],
|
$roles_agent = ['monasca-agent'],
|
||||||
$roles_default = ['admin','monasca-user','_member_'],
|
$roles_default = ['admin','monasca-user','_member_'],
|
||||||
$roles_read_only = [],
|
$roles_read_only = [],
|
||||||
|
|
|
@ -107,6 +107,9 @@
|
||||||
# [*role_delegate*]
|
# [*role_delegate*]
|
||||||
# name for the monasca delegate role
|
# name for the monasca delegate role
|
||||||
#
|
#
|
||||||
|
# [*role_admin*]
|
||||||
|
# name for the monasca admin role
|
||||||
|
#
|
||||||
# [*role_user*]
|
# [*role_user*]
|
||||||
# name for the monasca user role
|
# name for the monasca user role
|
||||||
#
|
#
|
||||||
|
@ -142,6 +145,7 @@ class monasca::keystone::auth (
|
||||||
$internal_url = undef,
|
$internal_url = undef,
|
||||||
$role_agent = 'monasca-agent',
|
$role_agent = 'monasca-agent',
|
||||||
$role_delegate = 'monitoring-delegate',
|
$role_delegate = 'monitoring-delegate',
|
||||||
|
$role_admin = 'monasca-admin',
|
||||||
$role_user = 'monasca-user',
|
$role_user = 'monasca-user',
|
||||||
$user_roles_agent = undef,
|
$user_roles_agent = undef,
|
||||||
$user_roles_admin = undef,
|
$user_roles_admin = undef,
|
||||||
|
@ -210,6 +214,11 @@ class monasca::keystone::auth (
|
||||||
ensure => present,
|
ensure => present,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if !defined(Keystone_role[$role_admin]) {
|
||||||
|
keystone_role { $role_admin:
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
}
|
||||||
if !defined(Keystone_role[$role_user]) {
|
if !defined(Keystone_role[$role_user]) {
|
||||||
keystone_role { $role_user:
|
keystone_role { $role_user:
|
||||||
ensure => present,
|
ensure => present,
|
||||||
|
|
|
@ -0,0 +1,66 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'monasca::api' do
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples 'monasca-api' do
|
||||||
|
|
||||||
|
context 'with default parameters' do
|
||||||
|
|
||||||
|
it { is_expected.to contain_class('monasca') }
|
||||||
|
it { is_expected.to contain_class('monasca::params') }
|
||||||
|
|
||||||
|
it 'installs monasca-api package and service' do
|
||||||
|
is_expected.to contain_service('monasca-api').with(
|
||||||
|
:name => 'monasca-api',
|
||||||
|
:ensure => 'running',
|
||||||
|
:tag => 'monasca-service',
|
||||||
|
)
|
||||||
|
is_expected.to contain_package('monasca-api').with(
|
||||||
|
:name => 'monasca-api',
|
||||||
|
:ensure => 'latest',
|
||||||
|
:tag => ['openstack', 'monasca-package'],
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures various stuff' do
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*region: NA$/)
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*maxQueryLimit: 10000$/)
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*delegateAuthorizedRole: monitoring-delegate$/)
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*adminRole: monasca-admin$/)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with overridden parameters' do
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:region_name => 'region1',
|
||||||
|
:max_query_limit => 100,
|
||||||
|
:role_delegate => 'monitoring-delegate2',
|
||||||
|
:role_admin => 'monasca-admin2',
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures various stuff' do
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*region: region1$/)
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*maxQueryLimit: 100$/)
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*delegateAuthorizedRole: monitoring-delegate2$/)
|
||||||
|
is_expected.to contain_file('/etc/monasca/api-config.yml').with_content(/^\s*adminRole: monasca-admin2$/)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts)
|
||||||
|
end
|
||||||
|
it_behaves_like 'monasca-api'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,44 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'monasca::keystone::auth' do
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples 'monasca-keystone-auth' do
|
||||||
|
|
||||||
|
context 'with default parameters' do
|
||||||
|
|
||||||
|
it { is_expected.to contain_class('monasca::params') }
|
||||||
|
|
||||||
|
it 'configures users' do
|
||||||
|
is_expected.to contain_keystone_user('monasca-agent')
|
||||||
|
is_expected.to contain_keystone_user('monasca-user')
|
||||||
|
|
||||||
|
is_expected.to contain_keystone_role('monasca-agent')
|
||||||
|
is_expected.to contain_keystone_role('monitoring-delegate')
|
||||||
|
is_expected.to contain_keystone_role('monasca-admin')
|
||||||
|
is_expected.to contain_keystone_role('monasca-user')
|
||||||
|
|
||||||
|
is_expected.to contain_keystone_user_role('monasca-agent@services').with(
|
||||||
|
:roles => ['monasca-agent', 'monitoring-delegate'],
|
||||||
|
)
|
||||||
|
is_expected.to contain_keystone_user_role('monasca-user@services').with(
|
||||||
|
:roles => ['monasca-user'],
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts)
|
||||||
|
end
|
||||||
|
it_behaves_like 'monasca-keystone-auth'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -79,6 +79,7 @@ middleware:
|
||||||
<%- end -%>
|
<%- end -%>
|
||||||
agentAuthorizedRoles: <%= @roles_agent %>
|
agentAuthorizedRoles: <%= @roles_agent %>
|
||||||
delegateAuthorizedRole: <%= @role_delegate %>
|
delegateAuthorizedRole: <%= @role_delegate %>
|
||||||
|
adminRole: <%= @role_admin %>
|
||||||
adminAuthMethod: <%= @auth_method %>
|
adminAuthMethod: <%= @auth_method %>
|
||||||
adminUser: <%= @admin_name %>
|
adminUser: <%= @admin_name %>
|
||||||
adminPassword: <%= @admin_password %>
|
adminPassword: <%= @admin_password %>
|
||||||
|
|
Loading…
Reference in New Issue