8 :concat_basedir => '/var/lib/puppet/concat',
9 :fqdn => 'some.host.tld'
15 :osfamily => 'Debian',
16 :operatingsystem => 'Debian',
17 :operatingsystemrelease => '7.0',
18 :processorcount => '1'
23 'admin_token' => 'service_token',
24 'package_ensure' => 'present',
25 'client_package_ensure' => 'present',
26 'public_bind_host' => '0.0.0.0',
27 'admin_bind_host' => '0.0.0.0',
28 'public_port' => '5000',
29 'admin_port' => '35357',
30 'admin_token' => 'service_token',
33 'catalog_type' => 'sql',
34 'catalog_driver' => false,
35 'token_provider' => 'keystone.token.providers.uuid.Provider',
36 'token_driver' => 'keystone.token.persistence.backends.sql.Token',
37 'revoke_driver' => 'keystone.contrib.revoke.backends.sql.Revoke',
38 'cache_dir' => '/var/cache/keystone',
39 'enable_ssl' => false,
40 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
41 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
42 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
43 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
44 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
46 'manage_service' => true,
47 'database_connection' => 'sqlite:////var/lib/keystone/keystone.db',
48 'database_idle_timeout' => '200',
49 'enable_pki_setup' => true,
50 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem',
51 'signing_keyfile' => '/etc/keystone/ssl/private/signing_key.pem',
52 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
53 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
54 'rabbit_host' => 'localhost',
55 'rabbit_password' => 'guest',
56 'rabbit_userid' => 'guest',
57 'admin_workers' => 20,
58 'public_workers' => 20,
63 'package_ensure' => 'latest',
64 'client_package_ensure' => 'latest',
65 'public_bind_host' => '0.0.0.0',
66 'admin_bind_host' => '0.0.0.0',
67 'public_port' => '5001',
68 'admin_port' => '35358',
69 'admin_token' => 'service_token_override',
72 'catalog_type' => 'template',
73 'token_provider' => 'keystone.token.providers.uuid.Provider',
74 'token_driver' => 'keystone.token.backends.kvs.Token',
75 'revoke_driver' => 'keystone.contrib.revoke.backends.kvs.Revoke',
76 'public_endpoint' => 'https://localhost:5000/v2.0/',
77 'admin_endpoint' => 'https://localhost:35357/v2.0/',
79 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
80 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
81 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
82 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
83 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
85 'manage_service' => true,
86 'database_connection' => 'mysql://a:b@c/d',
87 'database_idle_timeout' => '300',
88 'enable_pki_setup' => true,
89 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem',
90 'signing_keyfile' => '/etc/keystone/ssl/private/signing_key.pem',
91 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
92 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
93 'rabbit_host' => '127.0.0.1',
94 'rabbit_password' => 'openstack',
95 'rabbit_userid' => 'admin',
96 'default_domain' => 'other_domain',
99 httpd_params = {'service_name' => 'httpd'}.merge(default_params)
101 shared_examples_for 'core keystone examples' do |param_hash|
102 it { is_expected.to contain_class('keystone::params') }
104 it { is_expected.to contain_package('keystone').with(
105 'ensure' => param_hash['package_ensure'],
109 it { is_expected.to contain_package('python-openstackclient').with(
110 'ensure' => param_hash['client_package_ensure'],
114 it { is_expected.to contain_group('keystone').with(
115 'ensure' => 'present',
119 it { is_expected.to contain_user('keystone').with(
120 'ensure' => 'present',
125 it 'should contain the expected directories' do
126 ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d|
127 is_expected.to contain_file(d).with(
128 'ensure' => 'directory',
129 'owner' => 'keystone',
130 'group' => 'keystone',
132 'require' => 'Package[keystone]'
137 it 'should synchronize the db if $sync_db is true' do
138 if param_hash['sync_db']
139 is_expected.to contain_exec('keystone-manage db_sync').with(
141 :refreshonly => true,
142 :subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
143 :require => 'User[keystone]'
148 it 'should contain correct config' do
157 is_expected.to contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config])
161 it 'should contain correct admin_token config' do
162 is_expected.to contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true)
165 it 'should contain correct mysql config' do
166 is_expected.to contain_keystone_config('database/idle_timeout').with_value(param_hash['database_idle_timeout'])
167 is_expected.to contain_keystone_config('database/connection').with_value(param_hash['database_connection']).with_secret(true)
170 it { is_expected.to contain_keystone_config('token/provider').with_value(
171 param_hash['token_provider']
174 it 'should contain correct token driver' do
175 is_expected.to contain_keystone_config('token/driver').with_value(param_hash['token_driver'])
178 it 'should contain correct revoke driver' do
179 should contain_keystone_config('revoke/driver').with_value(param_hash['revoke_driver'])
182 it 'should ensure proper setting of admin_endpoint and public_endpoint' do
183 if param_hash['admin_endpoint']
184 is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
186 is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')
188 if param_hash['public_endpoint']
189 is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
191 is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')
195 it 'should contain correct rabbit_password' do
196 is_expected.to contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true)
199 it 'should remove max_token_size param by default' do
200 is_expected.to contain_keystone_config('DEFAULT/max_token_size').with_ensure('absent')
203 it 'should ensure proper setting of admin_workers and public_workers' do
204 if param_hash['admin_workers']
205 is_expected.to contain_keystone_config('DEFAULT/admin_workers').with_value(param_hash['admin_workers'])
207 is_expected.to contain_keystone_config('DEFAULT/admin_workers').with_value('2')
209 if param_hash['public_workers']
210 is_expected.to contain_keystone_config('DEFAULT/public_workers').with_value(param_hash['public_workers'])
212 is_expected.to contain_keystone_config('DEFAULT/public_workers').with_value('2')
216 if param_hash['default_domain']
217 it { is_expected.to contain_keystone_domain(param_hash['default_domain']).with(:is_default => true) }
221 [default_params, override_params].each do |param_hash|
222 describe "when #{param_hash == default_params ? "using default" : "specifying"} class parameters for service" do
228 it_configures 'core keystone examples', param_hash
230 it { is_expected.to contain_service('keystone').with(
231 'ensure' => (param_hash['manage_service'] && param_hash['enabled']) ? 'running' : 'stopped',
232 'enable' => param_hash['enabled'],
240 shared_examples_for "when using default class parameters for httpd" do
245 let :pre_condition do
249 it_configures 'core keystone examples', httpd_params
253 should contain_service(platform_parameters[:service_name]).with('ensure' => 'running')
254 }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain Service\[#{platform_parameters[:service_name]}\]/)
257 it { should contain_class('keystone::service').with(
258 'ensure' => 'stopped',
259 'service_name' => platform_parameters[:service_name],
265 describe 'when using invalid service name for keystone' do
266 let (:params) { {'service_name' => 'foo'}.merge(default_params) }
268 it_raises 'a Puppet::Error', /Invalid service_name/
271 describe 'with disabled service managing' do
273 { :admin_token => 'service_token',
274 :manage_service => false,
278 it { is_expected.to contain_service('keystone').with(
286 describe 'when configuring signing token provider' do
288 describe 'when configuring as UUID' do
291 'admin_token' => 'service_token',
292 'token_provider' => 'keystone.token.providers.uuid.Provider'
295 it { is_expected.to contain_exec('keystone-manage pki_setup').with(
296 :creates => '/etc/keystone/ssl/private/signing_key.pem'
298 it { is_expected.to contain_file('/var/cache/keystone').with_ensure('directory') }
300 describe 'when overriding the cache dir' do
302 params.merge!(:cache_dir => '/var/lib/cache/keystone')
304 it { is_expected.to contain_file('/var/lib/cache/keystone') }
307 describe 'when disable pki_setup' do
309 params.merge!(:enable_pki_setup => false)
311 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
315 describe 'when configuring as PKI' do
318 'admin_token' => 'service_token',
319 'token_provider' => 'keystone.token.providers.pki.Provider'
322 it { is_expected.to contain_exec('keystone-manage pki_setup').with(
323 :creates => '/etc/keystone/ssl/private/signing_key.pem'
325 it { is_expected.to contain_file('/var/cache/keystone').with_ensure('directory') }
327 describe 'when overriding the cache dir' do
329 params.merge!(:cache_dir => '/var/lib/cache/keystone')
331 it { is_expected.to contain_file('/var/lib/cache/keystone') }
334 describe 'when disable pki_setup' do
336 params.merge!(:enable_pki_setup => false)
338 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
342 describe 'when configuring PKI signing cert paths with UUID and with pki_setup disabled' do
345 'admin_token' => 'service_token',
346 'token_provider' => 'keystone.token.providers.uuid.Provider',
347 'enable_pki_setup' => false,
348 'signing_certfile' => 'signing_certfile',
349 'signing_keyfile' => 'signing_keyfile',
350 'signing_ca_certs' => 'signing_ca_certs',
351 'signing_ca_key' => 'signing_ca_key',
352 'signing_cert_subject' => 'signing_cert_subject',
353 'signing_key_size' => 2048
357 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
359 it 'should contain correct PKI certfile config' do
360 is_expected.to contain_keystone_config('signing/certfile').with_value('signing_certfile')
363 it 'should contain correct PKI keyfile config' do
364 is_expected.to contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
367 it 'should contain correct PKI ca_certs config' do
368 is_expected.to contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
371 it 'should contain correct PKI ca_key config' do
372 is_expected.to contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
375 it 'should contain correct PKI cert_subject config' do
376 is_expected.to contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
379 it 'should contain correct PKI key_size config' do
380 is_expected.to contain_keystone_config('signing/key_size').with_value('2048')
384 describe 'when configuring PKI signing cert paths with pki_setup disabled' do
387 'admin_token' => 'service_token',
388 'token_provider' => 'keystone.token.providers.pki.Provider',
389 'enable_pki_setup' => false,
390 'signing_certfile' => 'signing_certfile',
391 'signing_keyfile' => 'signing_keyfile',
392 'signing_ca_certs' => 'signing_ca_certs',
393 'signing_ca_key' => 'signing_ca_key',
394 'signing_cert_subject' => 'signing_cert_subject',
395 'signing_key_size' => 2048
399 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
401 it 'should contain correct PKI certfile config' do
402 is_expected.to contain_keystone_config('signing/certfile').with_value('signing_certfile')
405 it 'should contain correct PKI keyfile config' do
406 is_expected.to contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
409 it 'should contain correct PKI ca_certs config' do
410 is_expected.to contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
413 it 'should contain correct PKI ca_key config' do
414 is_expected.to contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
417 it 'should contain correct PKI cert_subject config' do
418 is_expected.to contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
421 it 'should contain correct PKI key_size config' do
422 is_expected.to contain_keystone_config('signing/key_size').with_value('2048')
426 describe 'with invalid catalog_type' do
428 { :admin_token => 'service_token',
429 :catalog_type => 'invalid' }
432 it_raises "a Puppet::Error", /validate_re\(\): "invalid" does not match "template|sql"/
435 describe 'when configuring catalog driver' do
437 { :admin_token => 'service_token',
438 :catalog_driver => 'keystone.catalog.backends.alien.AlienCatalog' }
441 it { is_expected.to contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
445 describe 'when configuring token expiration' do
448 'admin_token' => 'service_token',
449 'token_expiration' => '42',
453 it { is_expected.to contain_keystone_config("token/expiration").with_value('42') }
456 describe 'when not configuring token expiration' do
459 'admin_token' => 'service_token',
463 it { is_expected.to contain_keystone_config("token/expiration").with_value('3600') }
466 describe 'when sync_db is set to false' do
469 'admin_token' => 'service_token',
474 it { is_expected.not_to contain_exec('keystone-manage db_sync') }
477 describe 'configure memcache servers if set' do
480 'admin_token' => 'service_token',
481 'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
482 'token_driver' => 'keystone.token.backends.memcache.Token',
483 'cache_backend' => 'dogpile.cache.memcached',
484 'cache_backend_argument' => ['url:SERVER1:12211'],
488 it { is_expected.to contain_keystone_config("memcache/servers").with_value('SERVER1:11211,SERVER2:11211') }
489 it { is_expected.to contain_keystone_config('cache/enabled').with_value(true) }
490 it { is_expected.to contain_keystone_config('token/caching').with_value(true) }
491 it { is_expected.to contain_keystone_config('cache/backend').with_value('dogpile.cache.memcached') }
492 it { is_expected.to contain_keystone_config('cache/backend_argument').with_value('url:SERVER1:12211') }
493 it { is_expected.to contain_package('python-memcache').with(
494 :name => 'python-memcache',
499 describe 'do not configure memcache servers when not set' do
504 it { is_expected.to contain_keystone_config("cache/enabled").with_ensure('absent') }
505 it { is_expected.to contain_keystone_config("token/caching").with_ensure('absent') }
506 it { is_expected.to contain_keystone_config("cache/backend").with_ensure('absent') }
507 it { is_expected.to contain_keystone_config("cache/backend_argument").with_ensure('absent') }
508 it { is_expected.to contain_keystone_config("cache/debug_cache_backend").with_ensure('absent') }
509 it { is_expected.to contain_keystone_config("memcache/servers").with_ensure('absent') }
512 describe 'raise error if memcache_servers is not an array' do
515 'admin_token' => 'service_token',
516 'memcache_servers' => 'ANY_SERVER:11211'
520 it { expect { is_expected.to contain_class('keystone::params') }.to \
521 raise_error(Puppet::Error, /is not an Array/) }
524 describe 'with syslog disabled by default' do
529 it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(false) }
530 it { is_expected.to_not contain_keystone_config('DEFAULT/syslog_log_facility') }
533 describe 'with syslog enabled' do
535 default_params.merge({
536 :use_syslog => 'true',
540 it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
541 it { is_expected.to contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
544 describe 'with syslog enabled and custom settings' do
546 default_params.merge({
547 :use_syslog => 'true',
548 :log_facility => 'LOG_LOCAL0'
552 it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
553 it { is_expected.to contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
556 describe 'with log_file disabled by default' do
560 it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
563 describe 'with log_file and log_dir enabled' do
565 default_params.merge({
566 :log_file => 'keystone.log',
567 :log_dir => '/var/lib/keystone'
570 it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_value('keystone.log') }
571 it { is_expected.to contain_keystone_config('DEFAULT/log_dir').with_value('/var/lib/keystone') }
574 describe 'with log_file and log_dir disabled' do
576 default_params.merge({
581 it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
582 it { is_expected.to contain_keystone_config('DEFAULT/log_dir').with_ensure('absent') }
585 describe 'when enabling SSL' do
588 'admin_token' => 'service_token',
589 'enable_ssl' => true,
590 'public_endpoint' => 'https://localhost:5000/v2.0/',
591 'admin_endpoint' => 'https://localhost:35357/v2.0/',
594 it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)}
595 it {is_expected.to contain_keystone_config('ssl/certfile').with_value('/etc/keystone/ssl/certs/keystone.pem')}
596 it {is_expected.to contain_keystone_config('ssl/keyfile').with_value('/etc/keystone/ssl/private/keystonekey.pem')}
597 it {is_expected.to contain_keystone_config('ssl/ca_certs').with_value('/etc/keystone/ssl/certs/ca.pem')}
598 it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')}
599 it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')}
600 it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000/v2.0/')}
601 it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('https://localhost:35357/v2.0/')}
603 describe 'when disabling SSL' do
606 'admin_token' => 'service_token',
607 'enable_ssl' => false,
610 it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)}
611 it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')}
612 it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')}
614 describe 'not setting notification settings by default' do
619 it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value(nil) }
620 it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value(nil) }
621 it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value(nil) }
622 it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value(nil) }
625 describe 'with RabbitMQ communication SSLed' do
627 default_params.merge!({
628 :rabbit_use_ssl => true,
629 :kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
630 :kombu_ssl_certfile => '/path/to/ssl/cert/file',
631 :kombu_ssl_keyfile => '/path/to/ssl/keyfile',
632 :kombu_ssl_version => 'TLSv1'
637 is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('true')
638 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs')
639 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file')
640 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile')
641 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
645 describe 'with RabbitMQ communication not SSLed' do
647 default_params.merge!({
648 :rabbit_use_ssl => false,
649 :kombu_ssl_ca_certs => 'undef',
650 :kombu_ssl_certfile => 'undef',
651 :kombu_ssl_keyfile => 'undef',
652 :kombu_ssl_version => 'TLSv1'
657 is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('false')
658 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
659 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
660 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
661 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
665 describe 'when configuring max_token_size' do
667 default_params.merge({:max_token_size => '16384' })
670 it { is_expected.to contain_keystone_config('DEFAULT/max_token_size').with_value(params[:max_token_size]) }
673 describe 'setting notification settings' do
675 default_params.merge({
676 :notification_driver => 'keystone.openstack.common.notifier.rpc_notifier',
677 :notification_topics => 'notifications',
678 :notification_format => 'cadf',
679 :control_exchange => 'keystone'
683 it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value('keystone.openstack.common.notifier.rpc_notifier') }
684 it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value('notifications') }
685 it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value('cadf') }
686 it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value('keystone') }
689 describe 'setting sql (default) catalog' do
694 it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.sql.Catalog') }
697 describe 'setting default template catalog' do
700 :admin_token => 'service_token',
701 :catalog_type => 'template'
705 it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
706 it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') }
709 describe 'with overridden validation_auth_url' do
712 :admin_token => 'service_token',
713 :validate_service => true,
714 :validate_auth_url => 'http://some.host:35357/v2.0',
715 :admin_endpoint => 'http://some.host:35357'
719 it { is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('http://some.host:35357') }
720 it { is_expected.to contain_class('keystone::service').with(
722 'admin_endpoint' => 'http://some.host:35357/v2.0'
726 describe 'with service validation' do
729 :admin_token => 'service_token',
730 :validate_service => true,
731 :admin_endpoint => 'http://some.host:35357'
735 it { is_expected.to contain_class('keystone::service').with(
737 'admin_endpoint' => 'http://some.host:35357'
741 describe 'setting another template catalog' do
744 :admin_token => 'service_token',
745 :catalog_type => 'template',
746 :catalog_template_file => '/some/template_file'
750 it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
751 it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
754 describe 'setting service_provider' do
757 :osfamily => 'RedHat',
758 :operatingsystemrelease => '6.0'
762 describe 'with default service_provider' do
764 { 'admin_token' => 'service_token' }
767 it { is_expected.to contain_service('keystone').with(
772 describe 'with overrided service_provider' do
775 'admin_token' => 'service_token',
776 'service_provider' => 'pacemaker'
780 it { is_expected.to contain_service('keystone').with(
781 :provider => 'pacemaker'
786 describe 'when using fernet tokens' do
787 describe 'when enabling fernet_setup' do
789 default_params.merge({
790 'enable_fernet_setup' => true,
791 'fernet_max_active_keys' => 5,
795 it { is_expected.to contain_exec('keystone-manage fernet_setup').with(
796 :creates => '/etc/keystone/fernet-keys/0'
798 it { is_expected.to contain_keystone_config('fernet_tokens/max_active_keys').with_value(5)}
801 describe 'when overriding the fernet key directory' do
803 default_params.merge({
804 'enable_fernet_setup' => true,
805 'fernet_key_repository' => '/var/lib/fernet-keys',
808 it { is_expected.to contain_exec('keystone-manage fernet_setup').with(
809 :creates => '/var/lib/fernet-keys/0'
815 describe 'when configuring paste_deploy' do
816 describe 'with default paste config on Debian' do
821 it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_ensure('absent')}
824 describe 'with default paste config on RedHat' do
827 :osfamily => 'RedHat',
828 :operatingsystemrelease => '6.0'
835 it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_value(
836 '/usr/share/keystone/keystone-dist-paste.ini'
840 describe 'with overrided paste_deploy' do
842 default_params.merge({
843 'paste_config' => '/usr/share/keystone/keystone-paste.ini',
847 it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_value(
848 '/usr/share/keystone/keystone-paste.ini'
853 describe 'when configuring default domain' do
854 describe 'with default config' do
858 it { is_expected.to_not contain_exec('restart_keystone') }
860 describe 'with default domain and service is managed and enabled' do
862 default_params.merge({
863 'default_domain'=> 'test',
866 it { is_expected.to contain_exec('restart_keystone') }
868 describe 'with default domain and service is not managed' do
870 default_params.merge({
871 'default_domain' => 'test',
872 'manage_service' => false,
875 it { is_expected.to_not contain_exec('restart_keystone') }
879 context 'on RedHat platforms' do
882 :osfamily => 'RedHat',
883 :operatingsystemrelease => '7.0'
887 let :platform_parameters do
889 :service_name => 'openstack-keystone'
893 it_configures 'when using default class parameters for httpd'
896 context 'on Debian platforms' do
899 :osfamily => 'Debian',
900 :operatingsystem => 'Debian',
901 :operatingsystemrelease => '7.0'
905 let :platform_parameters do
907 :service_name => 'keystone'
911 it_configures 'when using default class parameters for httpd'