From c7354c9934ca0ca6d3dae5c18ec7d9b489014a15 Mon Sep 17 00:00:00 2001
From: Thomas Herve <therve@redhat.com>
Date: Wed, 1 Mar 2017 16:03:43 +0100
Subject: [PATCH] Allow configuration of Zaqar keystone roles

To be able to use the swift backend, we may need to configure Zaqar to
have the proper role to access Swift. This exposes the roles parameter
to allow that.

Change-Id: I9ce1bbc18d02383a5cdd3edbcf8c65c90165fb53
---
 manifests/keystone/auth.pp                           |  8 +++++++-
 .../notes/keystone_roles-a4c663156355bb51.yaml       |  5 +++++
 spec/classes/zaqar_keystone_auth_spec.rb             | 12 ++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/keystone_roles-a4c663156355bb51.yaml

diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 66ac013..7e4c10b 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -51,11 +51,15 @@
 # [*service_description*]
 #   (optional) Description for keystone service.
 #   Defaults to 'Openstack workflow Service'.
-
+#
 # [*configure_user_role*]
 #   (optional) Whether to configure the admin role for the service user.
 #   Defaults to true
 #
+# [*roles*]
+#   (optional) Roles to give the service user.
+#   Defaults to undef
+#
 class zaqar::keystone::auth(
   $password,
   $email                  = 'zaqar@localhost',
@@ -72,6 +76,7 @@ class zaqar::keystone::auth(
   $configure_user         = true,
   $configure_user_role    = true,
   $service_description    = 'Openstack messaging Service',
+  $roles                  = undef,
 ) {
 
   include ::zaqar::deps
@@ -93,5 +98,6 @@ class zaqar::keystone::auth(
     public_url          => $public_url,
     admin_url           => $admin_url,
     internal_url        => $internal_url,
+    roles               => $roles,
   }
 }
diff --git a/releasenotes/notes/keystone_roles-a4c663156355bb51.yaml b/releasenotes/notes/keystone_roles-a4c663156355bb51.yaml
new file mode 100644
index 0000000..3ffcb0a
--- /dev/null
+++ b/releasenotes/notes/keystone_roles-a4c663156355bb51.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Allow configuration of Zaqar keystone roles, to be able to use as a Swift
+    user when the backend is configured.
diff --git a/spec/classes/zaqar_keystone_auth_spec.rb b/spec/classes/zaqar_keystone_auth_spec.rb
index 7a53e94..4b06d94 100644
--- a/spec/classes/zaqar_keystone_auth_spec.rb
+++ b/spec/classes/zaqar_keystone_auth_spec.rb
@@ -115,6 +115,18 @@ describe 'zaqar::keystone::auth' do
       ) }
 
     end
+
+    describe 'when setting roles' do
+      let :params do
+        { :password => 'zaqar_password',
+          :roles     => ['admin', 'ResellerAdmin'] }
+      end
+
+      it { is_expected.to contain_keystone_user_role('zaqar@services').with(
+        :ensure  => 'present',
+        :roles   => ['admin', 'ResellerAdmin']
+      )}
+    end
   end
 
   on_supported_os({