3c924d53d5
After spending huge effort to understand the exact requirements to enforce SRBAC, we learned it's very difficult to find the required scope in each credential. This requires understanding implementation of client-side as well as server-side, and requirement might be different according to the deployment architecture or features used. Instead of implementing support based on the actual implementation, this introduces support for system scope credentials to all places where keystone user credential is defined, and make all credential configurations consistent. Change-Id: I9004d2e863ac84f53a4e23d863a9c66ae4afc5c8
65 lines
2.5 KiB
Ruby
65 lines
2.5 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe 'vitrage::service_credentials' do
|
|
|
|
let :params do
|
|
{
|
|
:auth_url => 'http://localhost:5000',
|
|
:password => 'password',
|
|
}
|
|
end
|
|
|
|
shared_examples_for 'vitrage::service_credentials' do
|
|
|
|
it 'configures authentication' do
|
|
is_expected.to contain_vitrage_config('service_credentials/auth_url').with_value('http://localhost:5000')
|
|
is_expected.to contain_vitrage_config('service_credentials/region_name').with_value('RegionOne')
|
|
is_expected.to contain_vitrage_config('service_credentials/project_domain_name').with_value('Default')
|
|
is_expected.to contain_vitrage_config('service_credentials/user_domain_name').with_value('Default')
|
|
is_expected.to contain_vitrage_config('service_credentials/auth_type').with_value('password')
|
|
is_expected.to contain_vitrage_config('service_credentials/username').with_value('vitrage')
|
|
is_expected.to contain_vitrage_config('service_credentials/password').with_value('password').with_secret(true)
|
|
is_expected.to contain_vitrage_config('service_credentials/project_name').with_value('services')
|
|
is_expected.to contain_vitrage_config('service_credentials/cacert').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_vitrage_config('service_credentials/system_scope').with_value('<SERVICE DEFAULT>')
|
|
end
|
|
|
|
context 'when overriding parameters' do
|
|
before do
|
|
params.merge!(
|
|
:cacert => '/tmp/dummy.pem',
|
|
:interface => 'internalURL',
|
|
)
|
|
end
|
|
it { is_expected.to contain_vitrage_config('service_credentials/cacert').with_value(params[:cacert]) }
|
|
it { is_expected.to contain_vitrage_config('service_credentials/interface').with_value(params[:interface]) }
|
|
end
|
|
|
|
context 'when system_scope is set' do
|
|
before do
|
|
params.merge!(
|
|
:system_scope => 'all'
|
|
)
|
|
end
|
|
it 'configures system-scoped credential' do
|
|
is_expected.to contain_vitrage_config('service_credentials/project_domain_name').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_vitrage_config('service_credentials/project_name').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_vitrage_config('service_credentials/system_scope').with_value('all')
|
|
end
|
|
end
|
|
end
|
|
|
|
on_supported_os({
|
|
:supported_os => OSDefaults.get_supported_os
|
|
}).each do |os,facts|
|
|
context "on #{os}" do
|
|
let (:facts) do
|
|
facts.merge!(OSDefaults.get_facts())
|
|
end
|
|
|
|
it_configures 'vitrage::service_credentials'
|
|
end
|
|
end
|
|
|
|
end
|