Commit 749da58c authored by Zuul's avatar Zuul Committed by Gerrit Code Review

Merge "Added rgw_keystone_implicit_tenants to ceph::rgw::keystone"

parents 2381f0f1 0626ccc0
......@@ -71,6 +71,10 @@
#
# [*rgw_keystone_admin_password*] The password for OpenStack admin user
# Required if rgw_keystone_version is 'v3'.
#
# [*rgw_keystone_implicit_tenants*] Set 'true' for a private tenant
# for each user.
# Defaults is true
define ceph::rgw::keystone (
$rgw_keystone_admin_token = undef,
......@@ -87,6 +91,7 @@ define ceph::rgw::keystone (
$rgw_keystone_admin_project = $::ceph::profile::params::rgw_keystone_admin_project,
$rgw_keystone_admin_user = $::ceph::profile::params::rgw_keystone_admin_user,
$rgw_keystone_admin_password = $::ceph::profile::params::rgw_keystone_admin_password,
$rgw_keystone_implicit_tenants = true,
) {
unless $name =~ /^radosgw\..+/ {
......@@ -98,6 +103,7 @@ define ceph::rgw::keystone (
"client.${name}/rgw_keystone_accepted_roles": value => join(any2array($rgw_keystone_accepted_roles), ',');
"client.${name}/rgw_keystone_token_cache_size": value => $rgw_keystone_token_cache_size;
"client.${name}/rgw_s3_auth_use_keystone": value => $rgw_s3_auth_use_keystone;
"client.${name}/rgw_keystone_implicit_tenants": value => $rgw_keystone_implicit_tenants;
}
if $rgw_keystone_version == 'v2.0' {
......
---
fixes:
- |
Added rgw_keystone_implicit_tenants to ceph::rgw::keystone. Setting
to true creates a new tenant per user.
......@@ -67,6 +67,7 @@ describe 'ceph::rgw::keystone' do
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_value(600) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/nss_db_path').with_value('/var/lib/ceph/nss') }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) }
it { is_expected.to contain_exec('radosgw.gateway-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements
......@@ -113,6 +114,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
:use_pki => false,
:rgw_keystone_revocation_interval => 200,
:nss_db_path => '/some/path/to/nss',
:rgw_keystone_implicit_tenants => false,
}
end
......@@ -123,6 +125,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }
it { is_expected.to_not contain_exec('radosgw.custom-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements
......@@ -227,6 +230,7 @@ wget --no-check-certificate http://keystone.custom:5000/v2.0/certificates/signin
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_s3_auth_use_keystone').with_value(true) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_revocation_interval').with_value(600) }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/nss_db_path').with_value('/var/lib/ceph/nss') }
it { is_expected.to contain_ceph_config('client.radosgw.gateway/rgw_keystone_implicit_tenants').with_value(true) }
it { is_expected.to contain_exec('radosgw.gateway-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements
......@@ -272,6 +276,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
:use_pki => false,
:rgw_keystone_revocation_interval => 200,
:nss_db_path => '/some/path/to/nss',
:rgw_keystone_implicit_tenants => false,
}
end
......@@ -282,6 +287,7 @@ wget --no-check-certificate http://keystone.default:5000/v2.0/certificates/signi
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_s3_auth_use_keystone').with_value(false) }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_revocation_interval').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/nss_db_path').with_ensure('absent') }
it { is_expected.to contain_ceph_config('client.radosgw.custom/rgw_keystone_implicit_tenants').with_value(false) }
it { is_expected.to_not contain_exec('radosgw.custom-nssdb-ca').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment