Add the posibility to tell openstack to use --os_cacert for keystone_tenant

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

diff --git a/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb b/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
index 7d19fce..ef15c50 100644 (file)
--- a/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
+++ b/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
@@ -58,7 +58,12 @@ Puppet::Type.type(:keystone_tenant).provide(
   end
 
   def self.instances
-    list = request('project', 'list', nil, nil, '--long')
+    if not resource[:os_cacert].nil?
+      resource_args = ['project', 'list', nil, nil, '--long', '--os-cacert', resource[:os_cacert]]
+    else
+      resource_args = ['project', 'list', nil, nil, '--long']
+    end
+    list = request(resource_args)
     list.collect do |project|
       new(
         :name        => project[:name],
@@ -71,7 +76,12 @@ Puppet::Type.type(:keystone_tenant).provide(
   end
 
   def instances
-    instances = request('project', 'list', nil, resource[:auth], '--long')
+    if not resource[:os_cacert].nil?
+      resource_args = ['project', 'list', nil, resource[:auth], '--long', '--os-cacert', resource[:os_cacert]]
+    else
+      resource_args = ['project', 'list', nil, resource[:auth], '--long']
+    end
+    instances = request(resource_args)
     instances.collect do |project|
       {
         :name        => project[:name],

diff --git a/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb b/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
index 3e1de7f..f8aac51 100644 (file)
--- a/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
+++ b/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
@@ -12,6 +12,10 @@ Puppet::Type.newtype(:keystone_tenant) do
     newvalues(/\w+/)
   end
 
+  newparam(:os_cacert) do
+    desc 'Parse os_cacert.'
+  end
+
   newproperty(:enabled) do
     desc 'Whether the tenant should be enabled. Defaults to true.'
     newvalues(/(t|T)rue/, /(f|F)alse/, true, false )

diff --git a/3rdparty/modules/keystone/manifests/roles/admin.pp b/3rdparty/modules/keystone/manifests/roles/admin.pp
index 4fd5e09..9e55575 100644 (file)
--- a/3rdparty/modules/keystone/manifests/roles/admin.pp
+++ b/3rdparty/modules/keystone/manifests/roles/admin.pp
@@ -43,17 +43,20 @@ class keystone::roles::admin(
   $service_tenant_desc    = 'Tenant for the openstack services',
   $configure_user         = true,
   $configure_user_role    = true,
+  $validate_cacert        = undef,
 ) {
 
   keystone_tenant { $service_tenant:
     ensure      => present,
     enabled     => true,
     description => $service_tenant_desc,
+    os_cacert   => $validate_cacert,
   }
   keystone_tenant { $admin_tenant:
     ensure      => present,
     enabled     => true,
     description => $admin_tenant_desc,
+    os_cacert   => $validate_cacert,
   }
   keystone_role { 'admin':
     ensure => present,

diff --git a/modules/roles/manifests/keystone.pp b/modules/roles/manifests/keystone.pp
index e265e54..f05bab7 100644 (file)
--- a/modules/roles/manifests/keystone.pp
+++ b/modules/roles/manifests/keystone.pp
@@ -30,6 +30,7 @@ class roles::keystone {
        class { '::keystone::roles::admin':
                email    => 'test@puppetlabs.com',
                password => $admin_pass,
+               validate_cacert     => '/etc/ssl/debian/certs/ca.crt',
        }
        class { '::keystone::endpoint':
                public_url => 'https://openstack.bm.debian.org:5000/',