Add the posibility to tell openstack to use --os_cacert for keystone_tenant

author Martin Zobel-Helas <zobel@debian.org>

Fri, 3 Jul 2015 11:28:01 +0000 (11:28 +0000)

committer Martin Zobel-Helas <zobel@debian.org>

Fri, 3 Jul 2015 11:29:21 +0000 (11:29 +0000)
author Martin Zobel-Helas <zobel@debian.org>
Fri, 3 Jul 2015 11:28:01 +0000 (11:28 +0000)
committer Martin Zobel-Helas <zobel@debian.org>
Fri, 3 Jul 2015 11:29:21 +0000 (11:29 +0000)
diff --git a/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb b/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb

index 7d19fcef0a8dcffe74e2f865ce2af1f957c2b755..ef15c50e6f48792bdcaf058dbf0535dab6cecc24 100644 (file)
--- a/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
+++ b/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
@@ -58,7 +58,12 @@ Puppet::Type.type(:keystone_tenant).provide(
    end
  
    def self.instances
    end
  
    def self.instances
-    list = request('project', 'list', nil, nil, '--long')
+    if not resource[:os_cacert].nil?
+      resource_args = ['project', 'list', nil, nil, '--long', '--os-cacert', resource[:os_cacert]]
+    else
+      resource_args = ['project', 'list', nil, nil, '--long']
+    end
+    list = request(resource_args)
      list.collect do |project|
        new(
          :name        => project[:name],
      list.collect do |project|
        new(
          :name        => project[:name],
@@ -71,7 +76,12 @@ Puppet::Type.type(:keystone_tenant).provide(
    end
  
    def instances
    end
  
    def instances
-    instances = request('project', 'list', nil, resource[:auth], '--long')
+    if not resource[:os_cacert].nil?
+      resource_args = ['project', 'list', nil, resource[:auth], '--long', '--os-cacert', resource[:os_cacert]]
+    else
+      resource_args = ['project', 'list', nil, resource[:auth], '--long']
+    end
+    instances = request(resource_args)
      instances.collect do |project|
        {
          :name        => project[:name],
      instances.collect do |project|
        {
          :name        => project[:name],
diff --git a/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb b/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb

index 3e1de7f3784e649f6dd1d06afbd9dcc31f456885..f8aac517d7713ca7c6b3e17850bda8f4141eaa57 100644 (file)
--- a/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
+++ b/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
@@ -12,6 +12,10 @@ Puppet::Type.newtype(:keystone_tenant) do
      newvalues(/\w+/)
    end
  
      newvalues(/\w+/)
    end
  
+  newparam(:os_cacert) do
+    desc 'Parse os_cacert.'
+  end
+
    newproperty(:enabled) do
      desc 'Whether the tenant should be enabled. Defaults to true.'
      newvalues(/(t|T)rue/, /(f|F)alse/, true, false )
    newproperty(:enabled) do
      desc 'Whether the tenant should be enabled. Defaults to true.'
      newvalues(/(t|T)rue/, /(f|F)alse/, true, false )
diff --git a/3rdparty/modules/keystone/manifests/roles/admin.pp b/3rdparty/modules/keystone/manifests/roles/admin.pp

index 4fd5e097040b9b89fdc1d457c4c023897f0c69c7..9e555753025a57e84b05ca0db7f36a4886b78f92 100644 (file)
--- a/3rdparty/modules/keystone/manifests/roles/admin.pp
+++ b/3rdparty/modules/keystone/manifests/roles/admin.pp
@@ -43,17 +43,20 @@ class keystone::roles::admin(
    $service_tenant_desc    = 'Tenant for the openstack services',
    $configure_user         = true,
    $configure_user_role    = true,
    $service_tenant_desc    = 'Tenant for the openstack services',
    $configure_user         = true,
    $configure_user_role    = true,
+  $validate_cacert        = undef,
  ) {
  
    keystone_tenant { $service_tenant:
      ensure      => present,
      enabled     => true,
      description => $service_tenant_desc,
  ) {
  
    keystone_tenant { $service_tenant:
      ensure      => present,
      enabled     => true,
      description => $service_tenant_desc,
+    os_cacert   => $validate_cacert,
    }
    keystone_tenant { $admin_tenant:
      ensure      => present,
      enabled     => true,
      description => $admin_tenant_desc,
    }
    keystone_tenant { $admin_tenant:
      ensure      => present,
      enabled     => true,
      description => $admin_tenant_desc,
+    os_cacert   => $validate_cacert,
    }
    keystone_role { 'admin':
      ensure => present,
    }
    keystone_role { 'admin':
      ensure => present,
diff --git a/modules/roles/manifests/keystone.pp b/modules/roles/manifests/keystone.pp

index e265e541a990554443955e167747a2ac9ed9ef18..f05bab7a075abb97cb238ce2ce98635df0a45fab 100644 (file)
--- a/modules/roles/manifests/keystone.pp
+++ b/modules/roles/manifests/keystone.pp
@@ -30,6 +30,7 @@ class roles::keystone {
         class { '::keystone::roles::admin':
                 email    => 'test@puppetlabs.com',
                 password => $admin_pass,
         class { '::keystone::roles::admin':
                 email    => 'test@puppetlabs.com',
                 password => $admin_pass,
+               validate_cacert     => '/etc/ssl/debian/certs/ca.crt',
         }
         class { '::keystone::endpoint':
                 public_url => 'https://openstack.bm.debian.org:5000/',
         }
         class { '::keystone::endpoint':
                 public_url => 'https://openstack.bm.debian.org:5000/',
author	Martin Zobel-Helas <zobel@debian.org>
	Fri, 3 Jul 2015 11:28:01 +0000 (11:28 +0000)
committer	Martin Zobel-Helas <zobel@debian.org>
	Fri, 3 Jul 2015 11:29:21 +0000 (11:29 +0000)
3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb		patch \| blob \| history
3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb		patch \| blob \| history
3rdparty/modules/keystone/manifests/roles/admin.pp		patch \| blob \| history
modules/roles/manifests/keystone.pp		patch \| blob \| history