From: Mike Dorman Date: Wed, 10 Sep 2014 16:39:04 +0000 (-0500) Subject: Make user creation optional when creating service. X-Git-Tag: 5.0.0~8^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=7719ceaff07b933006b34aa04e568b4db206bea1;p=puppet-modules%2Fpuppet-ceilometer.git Make user creation optional when creating service. In some cases it is useful to be able to just configure the service in Keystone and not the service user. This is the case when e.g. a read only LDAP backend is used. Added a parameter configure_user (defaults to true). Closes-Bug: 1360232 Change-Id: I541224b9bf431da957b9de31909e0aad5c9be187 --- diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp index 18f4c4e..b17a7d0 100644 --- a/manifests/keystone/auth.pp +++ b/manifests/keystone/auth.pp @@ -16,6 +16,12 @@ # [*configure_endpoint*] # Should Ceilometer endpoint be configured? Optional. Defaults to 'true'. # +# [*configure_user*] +# Should Ceilometer service user be configured? Optional. Defaults to 'true'. +# +# [*configure_user_role*] +# Should roles be configured on Ceilometer service user? Optional. Defaults to 'true'. +# # [*service_name*] # Name of the service. Optional. Defaults to value of auth_name. # 
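Review bot: The new `configure_user_role` entry does not say which roles are assigned, or what is expected when `configure_user` is false. A later hunk grants `['admin', 'ResellerAdmin']` to `${auth_name}@${tenant}`, so with user creation disabled those roles go to an account this module does not manage and that must already exist, for example in the read-only LDAP backend the commit message mentions. I would extend the comment to say that it assigns the 'admin' and 'ResellerAdmin' roles to auth_name in tenant, and that when configure_user is false the user must already exist in the identity backend. That makes it clear to operators which externally owned account ends up with admin.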
@@ -71,24 +77,26 @@ # Setting this variable overrides other $internal_* parameters. # class ceilometer::keystone::auth ( - $password = false, - $email = 'ceilometer@localhost', - $auth_name = 'ceilometer', - $service_name = undef, - $service_type = 'metering', - $public_address = '127.0.0.1', - $admin_address = '127.0.0.1', - $internal_address = '127.0.0.1', - $port = '8777', - $region = 'RegionOne', - $tenant = 'services', - $public_protocol = 'http', - $admin_protocol = 'http', - $internal_protocol = 'http', - $configure_endpoint = true, - $public_url = undef, - $admin_url = undef, - $internal_url = undef, + $password = false, + $email = 'ceilometer@localhost', + $auth_name = 'ceilometer', + $configure_user = true, + $configure_user_role = true, + $service_name = undef, + $service_type = 'metering', + $public_address = '127.0.0.1', + $admin_address = '127.0.0.1', + $internal_address = '127.0.0.1', + $port = '8777', + $region = 'RegionOne', + $tenant = 'services', + $public_protocol = 'http', + $admin_protocol = 'http', + $internal_protocol = 'http', + $configure_endpoint = true, + $public_url = undef, + $admin_url = undef, + $internal_url = undef, ) { validate_string($password) 
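Review bot: The two new parameters `$configure_user` and `$configure_user_role` are never type-checked, while the class body tests them with plain `if $configure_user` / `if $configure_user_role`. Puppet treats the string `'false'` as true, so a value that arrives as a string from Hiera or an ENC would still create the user and grant the admin roles, the opposite of what the operator asked for. Next to the existing `validate_string($password)` I would add `validate_bool($configure_user)` and `validate_bool($configure_user_role)`. The class body continues outside this hunk.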
@@ -117,25 +125,31 @@ class ceilometer::keystone::auth ( $real_service_name = $auth_name } - Keystone_user_role["${auth_name}@${tenant}"] ~> - Service <| name == 'ceilometer-api' |> - - keystone_user { $auth_name: - ensure => present, - password => $password, - email => $email, - tenant => $tenant, - } - if !defined(Keystone_role['ResellerAdmin']) { - keystone_role { 'ResellerAdmin': - ensure => present, + if $configure_user { + keystone_user { $auth_name: + ensure => present, + password => $password, + email => $email, + tenant => $tenant, } } - keystone_user_role { "${auth_name}@${tenant}": - ensure => present, - roles => ['admin', 'ResellerAdmin'], - require => Keystone_role['ResellerAdmin'], + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> + Service <| name == 'ceilometer-api' |> + + if !defined(Keystone_role['ResellerAdmin']) { + keystone_role { 'ResellerAdmin': + ensure => present, + } + } + keystone_user_role { "${auth_name}@${tenant}": + ensure => present, + roles => ['admin', 'ResellerAdmin'], + require => Keystone_role['ResellerAdmin'], + } } + keystone_service { $real_service_name: ensure => present, type => $service_type, diff --git a/spec/classes/ceilometer_keystone_auth_spec.rb b/spec/classes/ceilometer_keystone_auth_spec.rb index cf06a01..1960d34 100644 --- a/spec/classes/ceilometer_keystone_auth_spec.rb +++ b/spec/classes/ceilometer_keystone_auth_spec.rb 
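Review bot: The `if !defined(Keystone_role['ResellerAdmin'])` guard, now nested under `if $configure_user_role`, depends on evaluation order. If another class declares the same role later in the compilation, the guard passes here and the catalog then fails on a duplicate declaration. Assuming stdlib is available (the class already calls `validate_string`), `ensure_resource('keystone_role', 'ResellerAdmin', { 'ensure' => 'present' })` states the same intent and cooperates with other modules that use the same idiom. The class body starts before this hunk and continues after it.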
@@ -164,6 +164,39 @@ describe 'ceilometer::keystone::auth' do end end + context 'when disabling user configuration' do + before do + params.merge!( :configure_user => false ) + end + + it { should_not contain_keystone_user('ceilometer') } + it { should contain_keystone_user_role('ceilometer@services') } + + it { should contain_keystone_service('ceilometer').with( + :ensure => 'present', + :type => 'metering', + :description => 'Openstack Metering Service' + )} + end + + context 'when disabling user and role configuration' do + before do + params.merge!( + :configure_user => false, + :configure_user_role => false + ) + end + + it { should_not contain_keystone_user('ceilometer') } + it { should_not contain_keystone_user_role('ceilometer@services') } + + it { should contain_keystone_service('ceilometer').with( + :ensure => 'present', + :type => 'metering', + :description => 'Openstack Metering Service' + )} + end + end context 'on Debian platforms' do
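Review bot: The two new contexts cover `configure_user => false` alone and both flags false, but not `configure_user_role => false` with user creation left on. That third combination is the one that shows the service user can be created without the `admin` and `ResellerAdmin` grant, so it is worth pinning. I would add a context that merges `:configure_user_role => false` and asserts `should contain_keystone_user('ceilometer')` together with `should_not contain_keystone_user_role('ceilometer@services')`. The enclosing `describe` block starts and ends outside this hunk.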