global_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
- :operatingsystemrelease => '7.0'
+ :operatingsystemrelease => '7.0',
+ :processorcount => '1'
})
end
default_params = {
'admin_token' => 'service_token',
'package_ensure' => 'present',
+ 'client_package_ensure' => 'present',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5000',
'admin_port' => '35357',
'admin_token' => 'service_token',
- 'compute_port' => '8774',
'verbose' => false,
'debug' => false,
'catalog_type' => 'sql',
'catalog_driver' => false,
'token_provider' => 'keystone.token.providers.uuid.Provider',
'token_driver' => 'keystone.token.persistence.backends.sql.Token',
+ 'revoke_driver' => 'keystone.contrib.revoke.backends.sql.Revoke',
'cache_dir' => '/var/cache/keystone',
'enable_ssl' => false,
'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
'enabled' => true,
+ 'manage_service' => true,
'database_connection' => 'sqlite:////var/lib/keystone/keystone.db',
'database_idle_timeout' => '200',
'enable_pki_setup' => true,
'rabbit_host' => 'localhost',
'rabbit_password' => 'guest',
'rabbit_userid' => 'guest',
+ 'admin_workers' => 20,
+ 'public_workers' => 20,
+ 'sync_db' => true,
}
override_params = {
'package_ensure' => 'latest',
+ 'client_package_ensure' => 'latest',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5001',
'admin_port' => '35358',
'admin_token' => 'service_token_override',
- 'compute_port' => '8778',
'verbose' => true,
'debug' => true,
'catalog_type' => 'template',
'token_provider' => 'keystone.token.providers.uuid.Provider',
'token_driver' => 'keystone.token.backends.kvs.Token',
+ 'revoke_driver' => 'keystone.contrib.revoke.backends.kvs.Revoke',
'public_endpoint' => 'https://localhost:5000/v2.0/',
'admin_endpoint' => 'https://localhost:35357/v2.0/',
'enable_ssl' => true,
'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
'enabled' => false,
+ 'manage_service' => true,
'database_connection' => 'mysql://a:b@c/d',
'database_idle_timeout' => '300',
'enable_pki_setup' => true,
'rabbit_host' => '127.0.0.1',
'rabbit_password' => 'openstack',
'rabbit_userid' => 'admin',
+ 'default_domain' => 'other_domain',
}
httpd_params = {'service_name' => 'httpd'}.merge(default_params)
shared_examples_for 'core keystone examples' do |param_hash|
- it { should contain_class('keystone::params') }
+ it { is_expected.to contain_class('keystone::params') }
- it { should contain_package('keystone').with(
+ it { is_expected.to contain_package('keystone').with(
'ensure' => param_hash['package_ensure'],
'tag' => 'openstack'
) }
- it { should contain_group('keystone').with(
+ it { is_expected.to contain_package('python-openstackclient').with(
+ 'ensure' => param_hash['client_package_ensure'],
+ 'tag' => 'openstack'
+ ) }
+
+ it { is_expected.to contain_group('keystone').with(
'ensure' => 'present',
'system' => true
) }
- it { should contain_user('keystone').with(
+ it { is_expected.to contain_user('keystone').with(
'ensure' => 'present',
'gid' => 'keystone',
'system' => true
it 'should contain the expected directories' do
['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d|
- should contain_file(d).with(
+ is_expected.to contain_file(d).with(
'ensure' => 'directory',
'owner' => 'keystone',
'group' => 'keystone',
end
end
- it 'should only synchronize the db if $enabled is true' do
- if param_hash['enabled']
- should contain_exec('keystone-manage db_sync').with(
+ it 'should synchronize the db if $sync_db is true' do
+ if param_hash['sync_db']
+ is_expected.to contain_exec('keystone-manage db_sync').with(
:user => 'keystone',
:refreshonly => true,
:subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
'admin_bind_host',
'public_port',
'admin_port',
- 'compute_port',
'verbose',
'debug'
].each do |config|
- should contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config])
+ is_expected.to contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config])
end
end
it 'should contain correct admin_token config' do
- should contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true)
+ is_expected.to contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true)
end
it 'should contain correct mysql config' do
- should contain_keystone_config('database/idle_timeout').with_value(param_hash['database_idle_timeout'])
- should contain_keystone_config('database/connection').with_value(param_hash['database_connection']).with_secret(true)
+ is_expected.to contain_keystone_config('database/idle_timeout').with_value(param_hash['database_idle_timeout'])
+ is_expected.to contain_keystone_config('database/connection').with_value(param_hash['database_connection']).with_secret(true)
end
- it { should contain_keystone_config('token/provider').with_value(
+ it { is_expected.to contain_keystone_config('token/provider').with_value(
param_hash['token_provider']
) }
it 'should contain correct token driver' do
- should contain_keystone_config('token/driver').with_value(param_hash['token_driver'])
+ is_expected.to contain_keystone_config('token/driver').with_value(param_hash['token_driver'])
+ end
+
+ it 'should contain correct revoke driver' do
+ should contain_keystone_config('revoke/driver').with_value(param_hash['revoke_driver'])
end
it 'should ensure proper setting of admin_endpoint and public_endpoint' do
if param_hash['admin_endpoint']
- should contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
+ is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
else
- should contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')
+ is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')
end
if param_hash['public_endpoint']
- should contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
+ is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
else
- should contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')
+ is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')
end
end
it 'should contain correct rabbit_password' do
- should contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true)
+ is_expected.to contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true)
+ end
+
+ it 'should remove max_token_size param by default' do
+ is_expected.to contain_keystone_config('DEFAULT/max_token_size').with_ensure('absent')
+ end
+
+ it 'should ensure proper setting of admin_workers and public_workers' do
+ if param_hash['admin_workers']
+ is_expected.to contain_keystone_config('DEFAULT/admin_workers').with_value(param_hash['admin_workers'])
+ else
+ is_expected.to contain_keystone_config('DEFAULT/admin_workers').with_value('2')
+ end
+ if param_hash['public_workers']
+ is_expected.to contain_keystone_config('DEFAULT/public_workers').with_value(param_hash['public_workers'])
+ else
+ is_expected.to contain_keystone_config('DEFAULT/public_workers').with_value('2')
+ end
+ end
+
+ if param_hash['default_domain']
+ it { is_expected.to contain_keystone_domain(param_hash['default_domain']).with(:is_default => true) }
end
end
it_configures 'core keystone examples', param_hash
- it { should contain_service('keystone').with(
- 'ensure' => param_hash['enabled'] ? 'running' : 'stopped',
+ it { is_expected.to contain_service('keystone').with(
+ 'ensure' => (param_hash['manage_service'] && param_hash['enabled']) ? 'running' : 'stopped',
'enable' => param_hash['enabled'],
'hasstatus' => true,
'hasrestart' => true
end
end
- describe "when using default class parameters for httpd" do
+ shared_examples_for "when using default class parameters for httpd" do
let :params do
httpd_params
end
it do
expect {
- should contain_service('keystone')
- }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain Service\[keystone\]/)
+ should contain_service(platform_parameters[:service_name]).with('ensure' => 'running')
+ }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain Service\[#{platform_parameters[:service_name]}\]/)
end
+ it { should contain_class('keystone::service').with(
+ 'ensure' => 'stopped',
+ 'service_name' => platform_parameters[:service_name],
+ 'enable' => false,
+ 'validate' => false
+ )}
end
- describe 'with deprecated sql_connection parameter' do
- let :params do
- { :admin_token => 'service_token',
- :sql_connection => 'mysql://a:b@c/d' }
- end
+ describe 'when using invalid service name for keystone' do
+ let (:params) { {'service_name' => 'foo'}.merge(default_params) }
- it { should contain_keystone_config('database/connection').with_value(params[:sql_connection]) }
+ it_raises 'a Puppet::Error', /Invalid service_name/
end
- describe 'with deprecated idle_timeout parameter' do
+ describe 'with disabled service managing' do
let :params do
- { :admin_token => 'service_token',
- :idle_timeout => 365 }
+ { :admin_token => 'service_token',
+ :manage_service => false,
+ :enabled => false }
end
- it { should contain_keystone_config('database/idle_timeout').with_value(params[:idle_timeout]) }
+ it { is_expected.to contain_service('keystone').with(
+ 'ensure' => nil,
+ 'enable' => false,
+ 'hasstatus' => true,
+ 'hasrestart' => true
+ ) }
end
describe 'when configuring signing token provider' do
'token_provider' => 'keystone.token.providers.uuid.Provider'
}
end
- it { should contain_exec('keystone-manage pki_setup').with(
+ it { is_expected.to contain_exec('keystone-manage pki_setup').with(
:creates => '/etc/keystone/ssl/private/signing_key.pem'
) }
- it { should contain_file('/var/cache/keystone').with_ensure('directory') }
+ it { is_expected.to contain_file('/var/cache/keystone').with_ensure('directory') }
describe 'when overriding the cache dir' do
before do
params.merge!(:cache_dir => '/var/lib/cache/keystone')
end
- it { should contain_file('/var/lib/cache/keystone') }
+ it { is_expected.to contain_file('/var/lib/cache/keystone') }
end
describe 'when disable pki_setup' do
before do
params.merge!(:enable_pki_setup => false)
end
- it { should_not contain_exec('keystone-manage pki_setup') }
+ it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
end
end
'token_provider' => 'keystone.token.providers.pki.Provider'
}
end
- it { should contain_exec('keystone-manage pki_setup').with(
+ it { is_expected.to contain_exec('keystone-manage pki_setup').with(
:creates => '/etc/keystone/ssl/private/signing_key.pem'
) }
- it { should contain_file('/var/cache/keystone').with_ensure('directory') }
+ it { is_expected.to contain_file('/var/cache/keystone').with_ensure('directory') }
describe 'when overriding the cache dir' do
before do
params.merge!(:cache_dir => '/var/lib/cache/keystone')
end
- it { should contain_file('/var/lib/cache/keystone') }
+ it { is_expected.to contain_file('/var/lib/cache/keystone') }
end
describe 'when disable pki_setup' do
before do
params.merge!(:enable_pki_setup => false)
end
- it { should_not contain_exec('keystone-manage pki_setup') }
+ it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
end
end
}
end
- it { should_not contain_exec('keystone-manage pki_setup') }
+ it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
it 'should contain correct PKI certfile config' do
- should contain_keystone_config('signing/certfile').with_value('signing_certfile')
+ is_expected.to contain_keystone_config('signing/certfile').with_value('signing_certfile')
end
it 'should contain correct PKI keyfile config' do
- should contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
+ is_expected.to contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
end
it 'should contain correct PKI ca_certs config' do
- should contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
+ is_expected.to contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
end
it 'should contain correct PKI ca_key config' do
- should contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
+ is_expected.to contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
end
it 'should contain correct PKI cert_subject config' do
- should contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
+ is_expected.to contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
end
it 'should contain correct PKI key_size config' do
- should contain_keystone_config('signing/key_size').with_value('2048')
+ is_expected.to contain_keystone_config('signing/key_size').with_value('2048')
end
end
}
end
- it { should_not contain_exec('keystone-manage pki_setup') }
+ it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
it 'should contain correct PKI certfile config' do
- should contain_keystone_config('signing/certfile').with_value('signing_certfile')
+ is_expected.to contain_keystone_config('signing/certfile').with_value('signing_certfile')
end
it 'should contain correct PKI keyfile config' do
- should contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
+ is_expected.to contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
end
it 'should contain correct PKI ca_certs config' do
- should contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
+ is_expected.to contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
end
it 'should contain correct PKI ca_key config' do
- should contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
+ is_expected.to contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
end
it 'should contain correct PKI cert_subject config' do
- should contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
+ is_expected.to contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
end
it 'should contain correct PKI key_size config' do
- should contain_keystone_config('signing/key_size').with_value('2048')
+ is_expected.to contain_keystone_config('signing/key_size').with_value('2048')
end
end
:catalog_driver => 'keystone.catalog.backends.alien.AlienCatalog' }
end
- it { should contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
- end
-
- describe 'when configuring deprecated token_format as UUID with enable_pki_setup' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_format' => 'UUID'
- }
- end
- it { should contain_exec('keystone-manage pki_setup').with(
- :creates => '/etc/keystone/ssl/private/signing_key.pem'
- ) }
- it { should contain_file('/var/cache/keystone').with_ensure('directory') }
- describe 'when overriding the cache dir' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_provider' => 'keystone.token.providers.pki.Provider',
- 'cache_dir' => '/var/lib/cache/keystone'
- }
- end
- it { should contain_file('/var/lib/cache/keystone') }
- end
- end
-
- describe 'when configuring deprecated token_format as UUID without enable_pki_setup' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_format' => 'UUID',
- 'enable_pki_setup' => false
- }
- end
- it { should_not contain_exec('keystone-manage pki_setup') }
- it { should contain_file('/var/cache/keystone').with_ensure('directory') }
- describe 'when overriding the cache dir' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_provider' => 'keystone.token.providers.uuid.Provider',
- 'cache_dir' => '/var/lib/cache/keystone'
- }
- end
- it { should contain_file('/var/lib/cache/keystone') }
- end
- end
-
- describe 'when configuring deprecated token_format as PKI with enable_pki_setup' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_format' => 'PKI',
- }
- end
- it { should contain_exec('keystone-manage pki_setup').with(
- :creates => '/etc/keystone/ssl/private/signing_key.pem'
- ) }
- it { should contain_file('/var/cache/keystone').with_ensure('directory') }
- describe 'when overriding the cache dir' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_provider' => 'keystone.token.providers.pki.Provider',
- 'cache_dir' => '/var/lib/cache/keystone'
- }
- end
- it { should contain_file('/var/lib/cache/keystone') }
- end
- end
-
- describe 'when configuring deprecated token_format as PKI without enable_pki_setup' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_format' => 'PKI',
- 'enable_pki_setup' => false
- }
- end
- it { should_not contain_exec('keystone-manage pki_setup') }
- it { should contain_file('/var/cache/keystone').with_ensure('directory') }
- describe 'when overriding the cache dir' do
- let :params do
- {
- 'admin_token' => 'service_token',
- 'token_provider' => 'keystone.token.providers.pki.Provider',
- 'cache_dir' => '/var/lib/cache/keystone'
- }
- end
- it { should contain_file('/var/lib/cache/keystone') }
- end
+ it { is_expected.to contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
end
-
end
describe 'when configuring token expiration' do
}
end
- it { should contain_keystone_config("token/expiration").with_value('42') }
+ it { is_expected.to contain_keystone_config("token/expiration").with_value('42') }
end
describe 'when not configuring token expiration' do
}
end
- it { should contain_keystone_config("token/expiration").with_value('3600') }
+ it { is_expected.to contain_keystone_config("token/expiration").with_value('3600') }
+ end
+
+ describe 'when sync_db is set to false' do
+ let :params do
+ {
+ 'admin_token' => 'service_token',
+ 'sync_db' => false,
+ }
+ end
+
+ it { is_expected.not_to contain_exec('keystone-manage db_sync') }
end
describe 'configure memcache servers if set' do
}
end
- it { should contain_keystone_config("memcache/servers").with_value('SERVER1:11211,SERVER2:11211') }
- it { should contain_keystone_config('cache/enabled').with_value(true) }
- it { should contain_keystone_config('token/caching').with_value(true) }
- it { should contain_keystone_config('cache/backend').with_value('dogpile.cache.memcached') }
- it { should contain_keystone_config('cache/backend_argument').with_value('url:SERVER1:12211') }
- it { should contain_package('python-memcache').with(
+ it { is_expected.to contain_keystone_config("memcache/servers").with_value('SERVER1:11211,SERVER2:11211') }
+ it { is_expected.to contain_keystone_config('cache/enabled').with_value(true) }
+ it { is_expected.to contain_keystone_config('token/caching').with_value(true) }
+ it { is_expected.to contain_keystone_config('cache/backend').with_value('dogpile.cache.memcached') }
+ it { is_expected.to contain_keystone_config('cache/backend_argument').with_value('url:SERVER1:12211') }
+ it { is_expected.to contain_package('python-memcache').with(
:name => 'python-memcache',
:ensure => 'present'
) }
default_params
end
- it { should contain_keystone_config("cache/enabled").with_ensure('absent') }
- it { should contain_keystone_config("token/caching").with_ensure('absent') }
- it { should contain_keystone_config("cache/backend").with_ensure('absent') }
- it { should contain_keystone_config("cache/backend_argument").with_ensure('absent') }
- it { should contain_keystone_config("cache/debug_cache_backend").with_ensure('absent') }
- it { should contain_keystone_config("memcache/servers").with_ensure('absent') }
+ it { is_expected.to contain_keystone_config("cache/enabled").with_ensure('absent') }
+ it { is_expected.to contain_keystone_config("token/caching").with_ensure('absent') }
+ it { is_expected.to contain_keystone_config("cache/backend").with_ensure('absent') }
+ it { is_expected.to contain_keystone_config("cache/backend_argument").with_ensure('absent') }
+ it { is_expected.to contain_keystone_config("cache/debug_cache_backend").with_ensure('absent') }
+ it { is_expected.to contain_keystone_config("memcache/servers").with_ensure('absent') }
end
describe 'raise error if memcache_servers is not an array' do
}
end
- it { expect { should contain_class('keystone::params') }.to \
+ it { expect { is_expected.to contain_class('keystone::params') }.to \
raise_error(Puppet::Error, /is not an Array/) }
end
default_params
end
- it { should contain_keystone_config('DEFAULT/use_syslog').with_value(false) }
- it { should_not contain_keystone_config('DEFAULT/syslog_log_facility') }
+ it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(false) }
+ it { is_expected.to_not contain_keystone_config('DEFAULT/syslog_log_facility') }
end
describe 'with syslog enabled' do
})
end
- it { should contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
- it { should contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
+ it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
+ it { is_expected.to contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
end
describe 'with syslog enabled and custom settings' do
})
end
- it { should contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
- it { should contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
+ it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
+ it { is_expected.to contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
end
describe 'with log_file disabled by default' do
let :params do
default_params
end
- it { should contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
+ it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
end
describe 'with log_file and log_dir enabled' do
:log_dir => '/var/lib/keystone'
})
end
- it { should contain_keystone_config('DEFAULT/log_file').with_value('keystone.log') }
- it { should contain_keystone_config('DEFAULT/log_dir').with_value('/var/lib/keystone') }
+ it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_value('keystone.log') }
+ it { is_expected.to contain_keystone_config('DEFAULT/log_dir').with_value('/var/lib/keystone') }
end
describe 'with log_file and log_dir disabled' do
:log_dir => false
})
end
- it { should contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
- it { should contain_keystone_config('DEFAULT/log_dir').with_ensure('absent') }
- end
-
- describe 'when configuring api binding with deprecated parameter' do
- let :params do
- default_params.merge({
- :bind_host => '10.0.0.2',
- })
- end
- it { should contain_keystone_config('DEFAULT/public_bind_host').with_value('10.0.0.2') }
- it { should contain_keystone_config('DEFAULT/admin_bind_host').with_value('10.0.0.2') }
+ it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
+ it { is_expected.to contain_keystone_config('DEFAULT/log_dir').with_ensure('absent') }
end
describe 'when enabling SSL' do
'admin_endpoint' => 'https://localhost:35357/v2.0/',
}
end
- it {should contain_keystone_config('ssl/enable').with_value(true)}
- it {should contain_keystone_config('ssl/certfile').with_value('/etc/keystone/ssl/certs/keystone.pem')}
- it {should contain_keystone_config('ssl/keyfile').with_value('/etc/keystone/ssl/private/keystonekey.pem')}
- it {should contain_keystone_config('ssl/ca_certs').with_value('/etc/keystone/ssl/certs/ca.pem')}
- it {should contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')}
- it {should contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')}
- it {should contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000/v2.0/')}
- it {should contain_keystone_config('DEFAULT/admin_endpoint').with_value('https://localhost:35357/v2.0/')}
+ it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)}
+ it {is_expected.to contain_keystone_config('ssl/certfile').with_value('/etc/keystone/ssl/certs/keystone.pem')}
+ it {is_expected.to contain_keystone_config('ssl/keyfile').with_value('/etc/keystone/ssl/private/keystonekey.pem')}
+ it {is_expected.to contain_keystone_config('ssl/ca_certs').with_value('/etc/keystone/ssl/certs/ca.pem')}
+ it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')}
+ it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')}
+ it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000/v2.0/')}
+ it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('https://localhost:35357/v2.0/')}
end
describe 'when disabling SSL' do
let :params do
'enable_ssl' => false,
}
end
- it {should contain_keystone_config('ssl/enable').with_value(false)}
- it {should contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')}
- it {should contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')}
+ it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)}
+ it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')}
+ it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')}
end
describe 'not setting notification settings by default' do
let :params do
default_params
end
- it { should contain_keystone_config('DEFAULT/notification_driver').with_value(nil) }
- it { should contain_keystone_config('DEFAULT/notification_topics').with_vaule(nil) }
- it { should contain_keystone_config('DEFAULT/control_exchange').with_vaule(nil) }
+ it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value(nil) }
+ it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value(nil) }
+ it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value(nil) }
+ it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value(nil) }
end
describe 'with RabbitMQ communication SSLed' do
end
it do
- should contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('true')
- should contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs')
- should contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file')
- should contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile')
- should contain_keystone_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
+ is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('true')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
end
end
end
it do
- should contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('false')
- should contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
- should contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
- should contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
- should contain_keystone_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
+ is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('false')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+ is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
+ end
+ end
+
+ describe 'when configuring max_token_size' do
+ let :params do
+ default_params.merge({:max_token_size => '16384' })
end
+
+ it { is_expected.to contain_keystone_config('DEFAULT/max_token_size').with_value(params[:max_token_size]) }
end
describe 'setting notification settings' do
default_params.merge({
:notification_driver => 'keystone.openstack.common.notifier.rpc_notifier',
:notification_topics => 'notifications',
+ :notification_format => 'cadf',
:control_exchange => 'keystone'
})
end
- it { should contain_keystone_config('DEFAULT/notification_driver').with_value('keystone.openstack.common.notifier.rpc_notifier') }
- it { should contain_keystone_config('DEFAULT/notification_topics').with_value('notifications') }
- it { should contain_keystone_config('DEFAULT/control_exchange').with_value('keystone') }
+ it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value('keystone.openstack.common.notifier.rpc_notifier') }
+ it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value('notifications') }
+ it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value('cadf') }
+ it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value('keystone') }
end
describe 'setting sql (default) catalog' do
default_params
end
- it { should contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.sql.Catalog') }
+ it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.sql.Catalog') }
end
describe 'setting default template catalog' do
}
end
- it { should contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
- it { should contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') }
+ it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
+ it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') }
end
describe 'with overridden validation_auth_url' do
}
end
- it { should contain_keystone_config('DEFAULT/admin_endpoint').with_value('http://some.host:35357') }
- it { should contain_class('keystone::service').with(
+ it { is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('http://some.host:35357') }
+ it { is_expected.to contain_class('keystone::service').with(
'validate' => true,
'admin_endpoint' => 'http://some.host:35357/v2.0'
)}
}
end
- it { should contain_class('keystone::service').with(
+ it { is_expected.to contain_class('keystone::service').with(
'validate' => true,
'admin_endpoint' => 'http://some.host:35357'
)}
}
end
- it { should contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
- it { should contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
+ it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
+ it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
end
describe 'setting service_provider' do
{ 'admin_token' => 'service_token' }
end
- it { should contain_service('keystone').with(
+ it { is_expected.to contain_service('keystone').with(
:provider => nil
)}
end
}
end
- it { should contain_service('keystone').with(
+ it { is_expected.to contain_service('keystone').with(
:provider => 'pacemaker'
)}
end
end
+
+ describe 'when using fernet tokens' do
+ describe 'when enabling fernet_setup' do
+ let :params do
+ default_params.merge({
+ 'enable_fernet_setup' => true,
+ 'fernet_max_active_keys' => 5,
+ })
+ end
+
+ it { is_expected.to contain_exec('keystone-manage fernet_setup').with(
+ :creates => '/etc/keystone/fernet-keys/0'
+ ) }
+ it { is_expected.to contain_keystone_config('fernet_tokens/max_active_keys').with_value(5)}
+ end
+
+ describe 'when overriding the fernet key directory' do
+ let :params do
+ default_params.merge({
+ 'enable_fernet_setup' => true,
+ 'fernet_key_repository' => '/var/lib/fernet-keys',
+ })
+ end
+ it { is_expected.to contain_exec('keystone-manage fernet_setup').with(
+ :creates => '/var/lib/fernet-keys/0'
+ ) }
+
+ end
+ end
+
+ describe 'when configuring paste_deploy' do
+ describe 'with default paste config on Debian' do
+ let :params do
+ default_params
+ end
+
+ it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_ensure('absent')}
+ end
+
+ describe 'with default paste config on RedHat' do
+ let :facts do
+ global_facts.merge({
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6.0'
+ })
+ end
+ let :params do
+ default_params
+ end
+
+ it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_value(
+ '/usr/share/keystone/keystone-dist-paste.ini'
+ )}
+ end
+
+ describe 'with overrided paste_deploy' do
+ let :params do
+ default_params.merge({
+ 'paste_config' => '/usr/share/keystone/keystone-paste.ini',
+ })
+ end
+
+ it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_value(
+ '/usr/share/keystone/keystone-paste.ini'
+ )}
+ end
+ end
+
+ describe 'when configuring default domain' do
+ describe 'with default config' do
+ let :params do
+ default_params
+ end
+ it { is_expected.to_not contain_exec('restart_keystone') }
+ end
+ describe 'with default domain and service is managed and enabled' do
+ let :params do
+ default_params.merge({
+ 'default_domain'=> 'test',
+ })
+ end
+ it { is_expected.to contain_exec('restart_keystone') }
+ end
+ describe 'with default domain and service is not managed' do
+ let :params do
+ default_params.merge({
+ 'default_domain' => 'test',
+ 'manage_service' => false,
+ })
+ end
+ it { is_expected.to_not contain_exec('restart_keystone') }
+ end
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ global_facts.merge({
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '7.0'
+ })
+ end
+
+ let :platform_parameters do
+ {
+ :service_name => 'openstack-keystone'
+ }
+ end
+
+ it_configures 'when using default class parameters for httpd'
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ global_facts.merge({
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '7.0'
+ })
+ end
+
+ let :platform_parameters do
+ {
+ :service_name => 'keystone'
+ }
+ end
+
+ it_configures 'when using default class parameters for httpd'
+ end
end