From: Martin Zobel-Helas <zobel@debian.org>
Date: Fri, 3 Jul 2015 11:28:01 +0000 (+0000)
Subject: Add the posibility to tell openstack to use --os_cacert for keystone_tenant
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=9323043aa25de76c23ba73489d575aecc7a8041d

Add the posibility to tell openstack to use --os_cacert for keystone_tenant

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---

diff --git a/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb b/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
index 7d19fcef..ef15c50e 100644
--- a/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
+++ b/3rdparty/modules/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
@@ -58,7 +58,12 @@ Puppet::Type.type(:keystone_tenant).provide(
   end
 
   def self.instances
-    list = request('project', 'list', nil, nil, '--long')
+    if not resource[:os_cacert].nil?
+      resource_args = ['project', 'list', nil, nil, '--long', '--os-cacert', resource[:os_cacert]]
+    else
+      resource_args = ['project', 'list', nil, nil, '--long']
+    end
+    list = request(resource_args)
     list.collect do |project|
       new(
         :name        => project[:name],
@@ -71,7 +76,12 @@ Puppet::Type.type(:keystone_tenant).provide(
   end
 
   def instances
-    instances = request('project', 'list', nil, resource[:auth], '--long')
+    if not resource[:os_cacert].nil?
+      resource_args = ['project', 'list', nil, resource[:auth], '--long', '--os-cacert', resource[:os_cacert]]
+    else
+      resource_args = ['project', 'list', nil, resource[:auth], '--long']
+    end
+    instances = request(resource_args)
     instances.collect do |project|
       {
         :name        => project[:name],
diff --git a/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb b/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
index 3e1de7f3..f8aac517 100644
--- a/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
+++ b/3rdparty/modules/keystone/lib/puppet/type/keystone_tenant.rb
@@ -12,6 +12,10 @@ Puppet::Type.newtype(:keystone_tenant) do
     newvalues(/\w+/)
   end
 
+  newparam(:os_cacert) do
+    desc 'Parse os_cacert.'
+  end
+
   newproperty(:enabled) do
     desc 'Whether the tenant should be enabled. Defaults to true.'
     newvalues(/(t|T)rue/, /(f|F)alse/, true, false )
diff --git a/3rdparty/modules/keystone/manifests/roles/admin.pp b/3rdparty/modules/keystone/manifests/roles/admin.pp
index 4fd5e097..9e555753 100644
--- a/3rdparty/modules/keystone/manifests/roles/admin.pp
+++ b/3rdparty/modules/keystone/manifests/roles/admin.pp
@@ -43,17 +43,20 @@ class keystone::roles::admin(
   $service_tenant_desc    = 'Tenant for the openstack services',
   $configure_user         = true,
   $configure_user_role    = true,
+  $validate_cacert        = undef,
 ) {
 
   keystone_tenant { $service_tenant:
     ensure      => present,
     enabled     => true,
     description => $service_tenant_desc,
+    os_cacert   => $validate_cacert,
   }
   keystone_tenant { $admin_tenant:
     ensure      => present,
     enabled     => true,
     description => $admin_tenant_desc,
+    os_cacert   => $validate_cacert,
   }
   keystone_role { 'admin':
     ensure => present,
diff --git a/modules/roles/manifests/keystone.pp b/modules/roles/manifests/keystone.pp
index e265e541..f05bab7a 100644
--- a/modules/roles/manifests/keystone.pp
+++ b/modules/roles/manifests/keystone.pp
@@ -30,6 +30,7 @@ class roles::keystone {
 	class { '::keystone::roles::admin':
 		email    => 'test@puppetlabs.com',
 		password => $admin_pass,
+		validate_cacert     => '/etc/ssl/debian/certs/ca.crt',
 	}
 	class { '::keystone::endpoint':
 		public_url => 'https://openstack.bm.debian.org:5000/',