Make user creation optional when creating service.

author Mike Dorman <mdorman@godaddy.com>

Wed, 10 Sep 2014 16:39:04 +0000 (11:39 -0500)

committer Mike Dorman <mdorman@godaddy.com>

Thu, 11 Sep 2014 23:11:51 +0000 (18:11 -0500)
author Mike Dorman <mdorman@godaddy.com>
Wed, 10 Sep 2014 16:39:04 +0000 (11:39 -0500)
committer Mike Dorman <mdorman@godaddy.com>
Thu, 11 Sep 2014 23:11:51 +0000 (18:11 -0500)
diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp

index 18f4c4e1e97ac4776ab6be994819432dfdd1e2a5..b17a7d013c82f1c425faab0b81b2f7cf57b8204c 100644 (file)
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -16,6 +16,12 @@
  # [*configure_endpoint*]
  #   Should Ceilometer endpoint be configured? Optional. Defaults to 'true'.
  #
+# [*configure_user*]
+#   Should Ceilometer service user be configured? Optional. Defaults to 'true'.
+#
+# [*configure_user_role*]
+#   Should roles be configured on Ceilometer service user? Optional. Defaults to 'true'.
+#
  # [*service_name*]
  #   Name of the service. Optional. Defaults to value of auth_name.
  #
@@ -71,24 +77,26 @@
  #    Setting this variable overrides other $internal_* parameters.
  #
  class ceilometer::keystone::auth (
-  $password           = false,
-  $email              = 'ceilometer@localhost',
-  $auth_name          = 'ceilometer',
-  $service_name       = undef,
-  $service_type       = 'metering',
-  $public_address     = '127.0.0.1',
-  $admin_address      = '127.0.0.1',
-  $internal_address   = '127.0.0.1',
-  $port               = '8777',
-  $region             = 'RegionOne',
-  $tenant             = 'services',
-  $public_protocol    = 'http',
-  $admin_protocol     = 'http',
-  $internal_protocol  = 'http',
-  $configure_endpoint = true,
-  $public_url         = undef,
-  $admin_url          = undef,
-  $internal_url       = undef,
+  $password             = false,
+  $email                = 'ceilometer@localhost',
+  $auth_name            = 'ceilometer',
+  $configure_user       = true,
+  $configure_user_role  = true,
+  $service_name         = undef,
+  $service_type         = 'metering',
+  $public_address       = '127.0.0.1',
+  $admin_address        = '127.0.0.1',
+  $internal_address     = '127.0.0.1',
+  $port                 = '8777',
+  $region               = 'RegionOne',
+  $tenant               = 'services',
+  $public_protocol      = 'http',
+  $admin_protocol       = 'http',
+  $internal_protocol    = 'http',
+  $configure_endpoint   = true,
+  $public_url           = undef,
+  $admin_url            = undef,
+  $internal_url         = undef,
  ) {
  
    validate_string($password)
@@ -117,25 +125,31 @@ class ceilometer::keystone::auth (
      $real_service_name = $auth_name
    }
  
-  Keystone_user_role["${auth_name}@${tenant}"] ~>
-    Service <| name == 'ceilometer-api' |>
-
-  keystone_user { $auth_name:
-    ensure   => present,
-    password => $password,
-    email    => $email,
-    tenant   => $tenant,
-  }
-  if !defined(Keystone_role['ResellerAdmin']) {
-    keystone_role { 'ResellerAdmin':
-      ensure => present,
+  if $configure_user {
+    keystone_user { $auth_name:
+      ensure   => present,
+      password => $password,
+      email    => $email,
+      tenant   => $tenant,
      }
    }
-  keystone_user_role { "${auth_name}@${tenant}":
-    ensure  => present,
-    roles   => ['admin', 'ResellerAdmin'],
-    require => Keystone_role['ResellerAdmin'],
+
+  if $configure_user_role {
+    Keystone_user_role["${auth_name}@${tenant}"] ~>
+      Service <| name == 'ceilometer-api' |>
+
+    if !defined(Keystone_role['ResellerAdmin']) {
+      keystone_role { 'ResellerAdmin':
+        ensure => present,
+      }
+    }
+    keystone_user_role { "${auth_name}@${tenant}":
+      ensure  => present,
+      roles   => ['admin', 'ResellerAdmin'],
+      require => Keystone_role['ResellerAdmin'],
+    }
    }
+
    keystone_service { $real_service_name:
      ensure      => present,
      type        => $service_type,
diff --git a/spec/classes/ceilometer_keystone_auth_spec.rb b/spec/classes/ceilometer_keystone_auth_spec.rb

index cf06a01d4dcf1f3e2101bcd8194b235f40400394..1960d34c2d63b57e293173ead483b4d239747fbe 100644 (file)
--- a/spec/classes/ceilometer_keystone_auth_spec.rb
+++ b/spec/classes/ceilometer_keystone_auth_spec.rb
@@ -164,6 +164,39 @@ describe 'ceilometer::keystone::auth' do
        end
      end
  
+    context 'when disabling user configuration' do
+      before do
+        params.merge!( :configure_user => false )
+      end
+
+      it { should_not contain_keystone_user('ceilometer') }
+      it { should contain_keystone_user_role('ceilometer@services') }
+
+      it { should contain_keystone_service('ceilometer').with(
+        :ensure => 'present',
+        :type        => 'metering',
+        :description => 'Openstack Metering Service'
+      )}
+    end
+
+    context 'when disabling user and role configuration' do
+      before do
+        params.merge!(
+          :configure_user       => false,
+          :configure_user_role  => false
+        )
+      end
+
+      it { should_not contain_keystone_user('ceilometer') }
+      it { should_not contain_keystone_user_role('ceilometer@services') }
+
+      it { should contain_keystone_service('ceilometer').with(
+        :ensure => 'present',
+        :type        => 'metering',
+        :description => 'Openstack Metering Service'
+      )}
+    end
+
    end
  
    context 'on Debian platforms' do
author	Mike Dorman <mdorman@godaddy.com>
	Wed, 10 Sep 2014 16:39:04 +0000 (11:39 -0500)
committer	Mike Dorman <mdorman@godaddy.com>
	Thu, 11 Sep 2014 23:11:51 +0000 (18:11 -0500)
manifests/keystone/auth.pp		patch \| blob \| history
spec/classes/ceilometer_keystone_auth_spec.rb		patch \| blob \| history