8 :concat_basedir => '/var/lib/puppet/concat',
9 :fqdn => 'some.host.tld'
15 :osfamily => 'Debian',
16 :operatingsystem => 'Debian',
17 :operatingsystemrelease => '7.0',
18 :processorcount => '1'
23 'admin_token' => 'service_token',
24 'package_ensure' => 'present',
25 'client_package_ensure' => 'present',
26 'public_bind_host' => '0.0.0.0',
27 'admin_bind_host' => '0.0.0.0',
28 'public_port' => '5000',
29 'admin_port' => '35357',
30 'admin_token' => 'service_token',
33 'catalog_type' => 'sql',
34 'catalog_driver' => false,
35 'token_provider' => 'keystone.token.providers.uuid.Provider',
36 'token_driver' => 'keystone.token.persistence.backends.sql.Token',
37 'revoke_driver' => 'keystone.contrib.revoke.backends.sql.Revoke',
38 'cache_dir' => '/var/cache/keystone',
39 'enable_ssl' => false,
40 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
41 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
42 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
43 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
44 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
46 'manage_service' => true,
47 'database_connection' => 'sqlite:////var/lib/keystone/keystone.db',
48 'database_idle_timeout' => '200',
49 'enable_pki_setup' => true,
50 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem',
51 'signing_keyfile' => '/etc/keystone/ssl/private/signing_key.pem',
52 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
53 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
54 'rabbit_host' => 'localhost',
55 'rabbit_password' => 'guest',
56 'rabbit_userid' => 'guest',
57 'admin_workers' => 20,
58 'public_workers' => 20,
63 'package_ensure' => 'latest',
64 'client_package_ensure' => 'latest',
65 'public_bind_host' => '0.0.0.0',
66 'admin_bind_host' => '0.0.0.0',
67 'public_port' => '5001',
68 'admin_port' => '35358',
69 'admin_token' => 'service_token_override',
72 'catalog_type' => 'template',
73 'token_provider' => 'keystone.token.providers.uuid.Provider',
74 'token_driver' => 'keystone.token.backends.kvs.Token',
75 'revoke_driver' => 'keystone.contrib.revoke.backends.kvs.Revoke',
76 'public_endpoint' => 'https://localhost:5000/v2.0/',
77 'admin_endpoint' => 'https://localhost:35357/v2.0/',
79 'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
80 'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
81 'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
82 'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
83 'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
85 'manage_service' => true,
86 'database_connection' => 'mysql://a:b@c/d',
87 'database_idle_timeout' => '300',
88 'enable_pki_setup' => true,
89 'signing_certfile' => '/etc/keystone/ssl/certs/signing_cert.pem',
90 'signing_keyfile' => '/etc/keystone/ssl/private/signing_key.pem',
91 'signing_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
92 'signing_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
93 'rabbit_host' => '127.0.0.1',
94 'rabbit_password' => 'openstack',
95 'rabbit_userid' => 'admin',
98 httpd_params = {'service_name' => 'httpd'}.merge(default_params)
100 shared_examples_for 'core keystone examples' do |param_hash|
101 it { is_expected.to contain_class('keystone::params') }
103 it { is_expected.to contain_package('keystone').with(
104 'ensure' => param_hash['package_ensure'],
108 it { is_expected.to contain_package('python-openstackclient').with(
109 'ensure' => param_hash['client_package_ensure'],
113 it { is_expected.to contain_group('keystone').with(
114 'ensure' => 'present',
118 it { is_expected.to contain_user('keystone').with(
119 'ensure' => 'present',
124 it 'should contain the expected directories' do
125 ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d|
126 is_expected.to contain_file(d).with(
127 'ensure' => 'directory',
128 'owner' => 'keystone',
129 'group' => 'keystone',
131 'require' => 'Package[keystone]'
136 it 'should synchronize the db if $sync_db is true' do
137 if param_hash['sync_db']
138 is_expected.to contain_exec('keystone-manage db_sync').with(
140 :refreshonly => true,
141 :subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
142 :require => 'User[keystone]'
147 it 'should contain correct config' do
156 is_expected.to contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config])
160 it 'should contain correct admin_token config' do
161 is_expected.to contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true)
164 it 'should contain correct mysql config' do
165 is_expected.to contain_keystone_config('database/idle_timeout').with_value(param_hash['database_idle_timeout'])
166 is_expected.to contain_keystone_config('database/connection').with_value(param_hash['database_connection']).with_secret(true)
169 it { is_expected.to contain_keystone_config('token/provider').with_value(
170 param_hash['token_provider']
173 it 'should contain correct token driver' do
174 is_expected.to contain_keystone_config('token/driver').with_value(param_hash['token_driver'])
177 it 'should contain correct revoke driver' do
178 should contain_keystone_config('revoke/driver').with_value(param_hash['revoke_driver'])
181 it 'should ensure proper setting of admin_endpoint and public_endpoint' do
182 if param_hash['admin_endpoint']
183 is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
185 is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')
187 if param_hash['public_endpoint']
188 is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
190 is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')
194 it 'should contain correct rabbit_password' do
195 is_expected.to contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true)
198 it 'should remove max_token_size param by default' do
199 is_expected.to contain_keystone_config('DEFAULT/max_token_size').with_ensure('absent')
202 it 'should ensure proper setting of admin_workers and public_workers' do
203 if param_hash['admin_workers']
204 is_expected.to contain_keystone_config('DEFAULT/admin_workers').with_value(param_hash['admin_workers'])
206 is_expected.to contain_keystone_config('DEFAULT/admin_workers').with_value('2')
208 if param_hash['public_workers']
209 is_expected.to contain_keystone_config('DEFAULT/public_workers').with_value(param_hash['public_workers'])
211 is_expected.to contain_keystone_config('DEFAULT/public_workers').with_value('2')
216 [default_params, override_params].each do |param_hash|
217 describe "when #{param_hash == default_params ? "using default" : "specifying"} class parameters for service" do
223 it_configures 'core keystone examples', param_hash
225 it { is_expected.to contain_service('keystone').with(
226 'ensure' => (param_hash['manage_service'] && param_hash['enabled']) ? 'running' : 'stopped',
227 'enable' => param_hash['enabled'],
235 shared_examples_for "when using default class parameters for httpd" do
240 let :pre_condition do
244 it_configures 'core keystone examples', httpd_params
248 should contain_service(platform_parameters[:service_name]).with('ensure' => 'running')
249 }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain Service\[#{platform_parameters[:service_name]}\]/)
252 it { should contain_class('keystone::service').with(
253 'ensure' => 'stopped',
254 'service_name' => platform_parameters[:service_name],
260 describe 'when using invalid service name for keystone' do
261 let (:params) { {'service_name' => 'foo'}.merge(default_params) }
263 it_raises 'a Puppet::Error', /Invalid service_name/
266 describe 'with disabled service managing' do
268 { :admin_token => 'service_token',
269 :manage_service => false,
273 it { is_expected.to contain_service('keystone').with(
281 describe 'when configuring signing token provider' do
283 describe 'when configuring as UUID' do
286 'admin_token' => 'service_token',
287 'token_provider' => 'keystone.token.providers.uuid.Provider'
290 it { is_expected.to contain_exec('keystone-manage pki_setup').with(
291 :creates => '/etc/keystone/ssl/private/signing_key.pem'
293 it { is_expected.to contain_file('/var/cache/keystone').with_ensure('directory') }
295 describe 'when overriding the cache dir' do
297 params.merge!(:cache_dir => '/var/lib/cache/keystone')
299 it { is_expected.to contain_file('/var/lib/cache/keystone') }
302 describe 'when disable pki_setup' do
304 params.merge!(:enable_pki_setup => false)
306 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
310 describe 'when configuring as PKI' do
313 'admin_token' => 'service_token',
314 'token_provider' => 'keystone.token.providers.pki.Provider'
317 it { is_expected.to contain_exec('keystone-manage pki_setup').with(
318 :creates => '/etc/keystone/ssl/private/signing_key.pem'
320 it { is_expected.to contain_file('/var/cache/keystone').with_ensure('directory') }
322 describe 'when overriding the cache dir' do
324 params.merge!(:cache_dir => '/var/lib/cache/keystone')
326 it { is_expected.to contain_file('/var/lib/cache/keystone') }
329 describe 'when disable pki_setup' do
331 params.merge!(:enable_pki_setup => false)
333 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
337 describe 'when configuring PKI signing cert paths with UUID and with pki_setup disabled' do
340 'admin_token' => 'service_token',
341 'token_provider' => 'keystone.token.providers.uuid.Provider',
342 'enable_pki_setup' => false,
343 'signing_certfile' => 'signing_certfile',
344 'signing_keyfile' => 'signing_keyfile',
345 'signing_ca_certs' => 'signing_ca_certs',
346 'signing_ca_key' => 'signing_ca_key',
347 'signing_cert_subject' => 'signing_cert_subject',
348 'signing_key_size' => 2048
352 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
354 it 'should contain correct PKI certfile config' do
355 is_expected.to contain_keystone_config('signing/certfile').with_value('signing_certfile')
358 it 'should contain correct PKI keyfile config' do
359 is_expected.to contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
362 it 'should contain correct PKI ca_certs config' do
363 is_expected.to contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
366 it 'should contain correct PKI ca_key config' do
367 is_expected.to contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
370 it 'should contain correct PKI cert_subject config' do
371 is_expected.to contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
374 it 'should contain correct PKI key_size config' do
375 is_expected.to contain_keystone_config('signing/key_size').with_value('2048')
379 describe 'when configuring PKI signing cert paths with pki_setup disabled' do
382 'admin_token' => 'service_token',
383 'token_provider' => 'keystone.token.providers.pki.Provider',
384 'enable_pki_setup' => false,
385 'signing_certfile' => 'signing_certfile',
386 'signing_keyfile' => 'signing_keyfile',
387 'signing_ca_certs' => 'signing_ca_certs',
388 'signing_ca_key' => 'signing_ca_key',
389 'signing_cert_subject' => 'signing_cert_subject',
390 'signing_key_size' => 2048
394 it { is_expected.to_not contain_exec('keystone-manage pki_setup') }
396 it 'should contain correct PKI certfile config' do
397 is_expected.to contain_keystone_config('signing/certfile').with_value('signing_certfile')
400 it 'should contain correct PKI keyfile config' do
401 is_expected.to contain_keystone_config('signing/keyfile').with_value('signing_keyfile')
404 it 'should contain correct PKI ca_certs config' do
405 is_expected.to contain_keystone_config('signing/ca_certs').with_value('signing_ca_certs')
408 it 'should contain correct PKI ca_key config' do
409 is_expected.to contain_keystone_config('signing/ca_key').with_value('signing_ca_key')
412 it 'should contain correct PKI cert_subject config' do
413 is_expected.to contain_keystone_config('signing/cert_subject').with_value('signing_cert_subject')
416 it 'should contain correct PKI key_size config' do
417 is_expected.to contain_keystone_config('signing/key_size').with_value('2048')
421 describe 'with invalid catalog_type' do
423 { :admin_token => 'service_token',
424 :catalog_type => 'invalid' }
427 it_raises "a Puppet::Error", /validate_re\(\): "invalid" does not match "template|sql"/
430 describe 'when configuring catalog driver' do
432 { :admin_token => 'service_token',
433 :catalog_driver => 'keystone.catalog.backends.alien.AlienCatalog' }
436 it { is_expected.to contain_keystone_config('catalog/driver').with_value(params[:catalog_driver]) }
440 describe 'when configuring token expiration' do
443 'admin_token' => 'service_token',
444 'token_expiration' => '42',
448 it { is_expected.to contain_keystone_config("token/expiration").with_value('42') }
451 describe 'when not configuring token expiration' do
454 'admin_token' => 'service_token',
458 it { is_expected.to contain_keystone_config("token/expiration").with_value('3600') }
461 describe 'when sync_db is set to false' do
464 'admin_token' => 'service_token',
469 it { is_expected.not_to contain_exec('keystone-manage db_sync') }
472 describe 'configure memcache servers if set' do
475 'admin_token' => 'service_token',
476 'memcache_servers' => [ 'SERVER1:11211', 'SERVER2:11211' ],
477 'token_driver' => 'keystone.token.backends.memcache.Token',
478 'cache_backend' => 'dogpile.cache.memcached',
479 'cache_backend_argument' => ['url:SERVER1:12211'],
483 it { is_expected.to contain_keystone_config("memcache/servers").with_value('SERVER1:11211,SERVER2:11211') }
484 it { is_expected.to contain_keystone_config('cache/enabled').with_value(true) }
485 it { is_expected.to contain_keystone_config('token/caching').with_value(true) }
486 it { is_expected.to contain_keystone_config('cache/backend').with_value('dogpile.cache.memcached') }
487 it { is_expected.to contain_keystone_config('cache/backend_argument').with_value('url:SERVER1:12211') }
488 it { is_expected.to contain_package('python-memcache').with(
489 :name => 'python-memcache',
494 describe 'do not configure memcache servers when not set' do
499 it { is_expected.to contain_keystone_config("cache/enabled").with_ensure('absent') }
500 it { is_expected.to contain_keystone_config("token/caching").with_ensure('absent') }
501 it { is_expected.to contain_keystone_config("cache/backend").with_ensure('absent') }
502 it { is_expected.to contain_keystone_config("cache/backend_argument").with_ensure('absent') }
503 it { is_expected.to contain_keystone_config("cache/debug_cache_backend").with_ensure('absent') }
504 it { is_expected.to contain_keystone_config("memcache/servers").with_ensure('absent') }
507 describe 'raise error if memcache_servers is not an array' do
510 'admin_token' => 'service_token',
511 'memcache_servers' => 'ANY_SERVER:11211'
515 it { expect { is_expected.to contain_class('keystone::params') }.to \
516 raise_error(Puppet::Error, /is not an Array/) }
519 describe 'with syslog disabled by default' do
524 it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(false) }
525 it { is_expected.to_not contain_keystone_config('DEFAULT/syslog_log_facility') }
528 describe 'with syslog enabled' do
530 default_params.merge({
531 :use_syslog => 'true',
535 it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
536 it { is_expected.to contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') }
539 describe 'with syslog enabled and custom settings' do
541 default_params.merge({
542 :use_syslog => 'true',
543 :log_facility => 'LOG_LOCAL0'
547 it { is_expected.to contain_keystone_config('DEFAULT/use_syslog').with_value(true) }
548 it { is_expected.to contain_keystone_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') }
551 describe 'with log_file disabled by default' do
555 it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
558 describe 'with log_file and log_dir enabled' do
560 default_params.merge({
561 :log_file => 'keystone.log',
562 :log_dir => '/var/lib/keystone'
565 it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_value('keystone.log') }
566 it { is_expected.to contain_keystone_config('DEFAULT/log_dir').with_value('/var/lib/keystone') }
569 describe 'with log_file and log_dir disabled' do
571 default_params.merge({
576 it { is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') }
577 it { is_expected.to contain_keystone_config('DEFAULT/log_dir').with_ensure('absent') }
580 describe 'when enabling SSL' do
583 'admin_token' => 'service_token',
584 'enable_ssl' => true,
585 'public_endpoint' => 'https://localhost:5000/v2.0/',
586 'admin_endpoint' => 'https://localhost:35357/v2.0/',
589 it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)}
590 it {is_expected.to contain_keystone_config('ssl/certfile').with_value('/etc/keystone/ssl/certs/keystone.pem')}
591 it {is_expected.to contain_keystone_config('ssl/keyfile').with_value('/etc/keystone/ssl/private/keystonekey.pem')}
592 it {is_expected.to contain_keystone_config('ssl/ca_certs').with_value('/etc/keystone/ssl/certs/ca.pem')}
593 it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')}
594 it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')}
595 it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000/v2.0/')}
596 it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('https://localhost:35357/v2.0/')}
598 describe 'when disabling SSL' do
601 'admin_token' => 'service_token',
602 'enable_ssl' => false,
605 it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)}
606 it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')}
607 it {is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')}
609 describe 'not setting notification settings by default' do
614 it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value(nil) }
615 it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value(nil) }
616 it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value(nil) }
617 it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value(nil) }
620 describe 'with RabbitMQ communication SSLed' do
622 default_params.merge!({
623 :rabbit_use_ssl => true,
624 :kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
625 :kombu_ssl_certfile => '/path/to/ssl/cert/file',
626 :kombu_ssl_keyfile => '/path/to/ssl/keyfile',
627 :kombu_ssl_version => 'TLSv1'
632 is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('true')
633 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs')
634 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file')
635 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile')
636 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
640 describe 'with RabbitMQ communication not SSLed' do
642 default_params.merge!({
643 :rabbit_use_ssl => false,
644 :kombu_ssl_ca_certs => 'undef',
645 :kombu_ssl_certfile => 'undef',
646 :kombu_ssl_keyfile => 'undef',
647 :kombu_ssl_version => 'TLSv1'
652 is_expected.to contain_keystone_config('DEFAULT/rabbit_use_ssl').with_value('false')
653 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
654 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
655 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
656 is_expected.to contain_keystone_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
660 describe 'when configuring max_token_size' do
662 default_params.merge({:max_token_size => '16384' })
665 it { is_expected.to contain_keystone_config('DEFAULT/max_token_size').with_value(params[:max_token_size]) }
668 describe 'setting notification settings' do
670 default_params.merge({
671 :notification_driver => 'keystone.openstack.common.notifier.rpc_notifier',
672 :notification_topics => 'notifications',
673 :notification_format => 'cadf',
674 :control_exchange => 'keystone'
678 it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value('keystone.openstack.common.notifier.rpc_notifier') }
679 it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value('notifications') }
680 it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value('cadf') }
681 it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value('keystone') }
684 describe 'setting sql (default) catalog' do
689 it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.sql.Catalog') }
692 describe 'setting default template catalog' do
695 :admin_token => 'service_token',
696 :catalog_type => 'template'
700 it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
701 it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/etc/keystone/default_catalog.templates') }
704 describe 'with overridden validation_auth_url' do
707 :admin_token => 'service_token',
708 :validate_service => true,
709 :validate_auth_url => 'http://some.host:35357/v2.0',
710 :admin_endpoint => 'http://some.host:35357'
714 it { is_expected.to contain_keystone_config('DEFAULT/admin_endpoint').with_value('http://some.host:35357') }
715 it { is_expected.to contain_class('keystone::service').with(
717 'admin_endpoint' => 'http://some.host:35357/v2.0'
721 describe 'with service validation' do
724 :admin_token => 'service_token',
725 :validate_service => true,
726 :admin_endpoint => 'http://some.host:35357'
730 it { is_expected.to contain_class('keystone::service').with(
732 'admin_endpoint' => 'http://some.host:35357'
736 describe 'setting another template catalog' do
739 :admin_token => 'service_token',
740 :catalog_type => 'template',
741 :catalog_template_file => '/some/template_file'
745 it { is_expected.to contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
746 it { is_expected.to contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
749 describe 'setting service_provider' do
752 :osfamily => 'RedHat',
753 :operatingsystemrelease => '6.0'
757 describe 'with default service_provider' do
759 { 'admin_token' => 'service_token' }
762 it { is_expected.to contain_service('keystone').with(
767 describe 'with overrided service_provider' do
770 'admin_token' => 'service_token',
771 'service_provider' => 'pacemaker'
775 it { is_expected.to contain_service('keystone').with(
776 :provider => 'pacemaker'
781 describe 'when using fernet tokens' do
782 describe 'when enabling fernet_setup' do
784 default_params.merge({
785 'enable_fernet_setup' => true,
786 'fernet_max_active_keys' => 5,
790 it { is_expected.to contain_exec('keystone-manage fernet_setup').with(
791 :creates => '/etc/keystone/fernet-keys/0'
793 it { is_expected.to contain_keystone_config('fernet_tokens/max_active_keys').with_value(5)}
796 describe 'when overriding the fernet key directory' do
798 default_params.merge({
799 'enable_fernet_setup' => true,
800 'fernet_key_repository' => '/var/lib/fernet-keys',
803 it { is_expected.to contain_exec('keystone-manage fernet_setup').with(
804 :creates => '/var/lib/fernet-keys/0'
810 describe 'when configuring paste_deploy' do
811 describe 'with default paste config on Debian' do
816 it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_ensure('absent')}
819 describe 'with default paste config on RedHat' do
822 :osfamily => 'RedHat',
823 :operatingsystemrelease => '6.0'
830 it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_value(
831 '/usr/share/keystone/keystone-dist-paste.ini'
835 describe 'with overrided paste_deploy' do
837 default_params.merge({
838 'paste_config' => '/usr/share/keystone/keystone-paste.ini',
842 it { is_expected.to contain_keystone_config('paste_deploy/config_file').with_value(
843 '/usr/share/keystone/keystone-paste.ini'
848 context 'on RedHat platforms' do
851 :osfamily => 'RedHat',
852 :operatingsystemrelease => '7.0'
856 let :platform_parameters do
858 :service_name => 'openstack-keystone'
862 it_configures 'when using default class parameters for httpd'
865 context 'on Debian platforms' do
868 :osfamily => 'Debian',
869 :operatingsystem => 'Debian',
870 :operatingsystemrelease => '7.0'
874 let :platform_parameters do
876 :service_name => 'keystone'
880 it_configures 'when using default class parameters for httpd'