Merge "Globally support system scope credentials"

2022-03-11 11:37:56 +00:00
parent 742c93d22c be91d620fa
commit 6bb749a4da
3 changed files with 41 additions and 8 deletions
--- a/manifests/service_auth.pp
+++ b/manifests/service_auth.pp
@@ -7,27 +7,31 @@
 #   (required) Password for user
 #
 # [*auth_url*]
-#   (optional) Keystone Authentication URL
+#   (Optional) Keystone Authentication URL
 #   Defaults to 'http://localhost:5000'
 #
 # [*username*]
-#   (optional) User for accessing neutron and other services.
+#   (Optional) User for accessing neutron and other services.
 #   Defaults to 'octavia'
 #
 # [*project_name*]
-#   (optional) Tenant for accessing neutron and other services
+#   (Optional) Tenant for accessing neutron and other services
 #   Defaults to 'services'
 #
 # [*user_domain_name*]
-#   (optional) keystone user domain
+#   (Optional) keystone user domain
 #   Defaults to 'Default'
 #
 # [*project_domain_name*]
-#   (optional) keystone project domain
+#   (Optional) keystone project domain
 #   Defaults to 'Default'
 #
+# [*system_scope*]
+#   (Optional) Scope for system operations.
+#   Defaults to $::os_service_default
+#
 # [*auth_type*]
-#   (optional) keystone authentication type
+#   (Optional) keystone authentication type
 #   Defaults to 'password'
 #
 # [*region_name*]
@@ -41,19 +45,29 @@ class octavia::service_auth (
  $project_name        = 'services',
  $user_domain_name    = 'Default',
  $project_domain_name = 'Default',
+  $system_scope        = $::os_service_default,
  $auth_type           = 'password',
  $region_name         = $::os_service_default,
 ) {

  include octavia::deps

+  if is_service_default($system_scope) {
+    $project_name_real = $project_name
+    $project_domain_name_real = $project_domain_name
+  } else {
+    $project_name_real = $::os_service_default
+    $project_domain_name_real = $::os_service_default
+  }
+
  octavia_config {
    'service_auth/auth_url'            : value => $auth_url;
    'service_auth/username'            : value => $username;
-    'service_auth/project_name'        : value => $project_name;
+    'service_auth/project_name'        : value => $project_name_real;
    'service_auth/password'            : value => $password, secret => true;
    'service_auth/user_domain_name'    : value => $user_domain_name;
-    'service_auth/project_domain_name' : value => $project_domain_name;
+    'service_auth/project_domain_name' : value => $project_domain_name_real;
+    'service_auth/system_scope'        : value => $system_scope;
    'service_auth/auth_type'           : value => $auth_type;
    'service_auth/region_name'         : value => $region_name;
  }
--- a/releasenotes/notes/system_scope-all-0895d770ca1afffb.yaml
+++ b/releasenotes/notes/system_scope-all-0895d770ca1afffb.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    The new ``octavia::service_auth::system_scope`` parameter has been added.
--- a/spec/classes/octavia_service_auth_spec.rb
+++ b/spec/classes/octavia_service_auth_spec.rb
@@ -18,6 +18,7 @@ describe 'octavia::service_auth' do
        is_expected.to contain_octavia_config('service_auth/password').with_value('secrete').with_secret(true)
        is_expected.to contain_octavia_config('service_auth/user_domain_name').with_value('Default')
        is_expected.to contain_octavia_config('service_auth/project_domain_name').with_value('Default')
+        is_expected.to contain_octavia_config('service_auth/system_scope').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_octavia_config('service_auth/auth_type').with_value('password')
        is_expected.to contain_octavia_config('service_auth/region_name').with_value('<SERVICE DEFAULT>')
      end
@@ -43,10 +44,24 @@ describe 'octavia::service_auth' do
        is_expected.to contain_octavia_config('service_auth/password').with_value('secrete').with_secret(true)
        is_expected.to contain_octavia_config('service_auth/user_domain_name').with_value('my_domain_name')
        is_expected.to contain_octavia_config('service_auth/project_domain_name').with_value('our_domain_name')
+        is_expected.to contain_octavia_config('service_auth/system_scope').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_octavia_config('service_auth/auth_type').with_value('v3password')
        is_expected.to contain_octavia_config('service_auth/region_name').with_value('regionOne')
      end
    end
+
+    context 'when system_scope is set' do
+      before do
+        params.merge!(
+          :system_scope => 'all'
+        )
+      end
+      it 'configures system-scoped credential' do
+        is_expected.to contain_octavia_config('service_auth/project_domain_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_octavia_config('service_auth/project_name').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_octavia_config('service_auth/system_scope').with_value('all')
+      end
+    end
  end

  on_supported_os({