diff --git a/manifests/compute/nova.pp b/manifests/compute/nova.pp index c41d65e6..8af6c855 100644 --- a/manifests/compute/nova.pp +++ b/manifests/compute/nova.pp @@ -33,6 +33,10 @@ # (optional) Project name to scope to # Defaults to 'services' # +# [*system_scope*] +# (optional) Scope for system operations. +# Defaults to $::os_service_default +# # [*region_name*] # (optional) Region name for connecting to nova # Defaults to $::os_service_default @@ -62,6 +66,7 @@ class manila::compute::nova ( $user_domain_name = 'Default', $project_domain_name = 'Default', $project_name = 'services', + $system_scope = $::os_service_default, $region_name = $::os_service_default, $endpoint_type = $::os_service_default, $username = 'nova', @@ -71,6 +76,14 @@ class manila::compute::nova ( include manila::deps + if is_service_default($system_scope) { + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name + } else { + $project_name_real = $::os_service_default + $project_domain_name_real = $::os_service_default + } + manila_config { 'nova/insecure': value => $insecure; 'nova/auth_url': value => $auth_url; @@ -81,8 +94,9 @@ class manila::compute::nova ( 'nova/username': value => $username; 'nova/user_domain_name': value => $user_domain_name; 'nova/password': value => $password, secret => true; - 'nova/project_name': value => $project_name; - 'nova/project_domain_name': value => $project_domain_name; + 'nova/project_name': value => $project_name_real; + 'nova/project_domain_name': value => $project_domain_name_real; + 'nova/system_scope': value => $system_scope; 'nova/api_microversion': value => $api_microversion; } } diff --git a/manifests/image/glance.pp b/manifests/image/glance.pp index 5fe49837..0c1b63c2 100644 --- a/manifests/image/glance.pp +++ b/manifests/image/glance.pp @@ -45,6 +45,10 @@ # (optional) Project name to scope to # Defaults to 'services' # +# [*system_scope*] +# (optional) Scope for system operations. +# Defaults to $::os_service_default +# # [*region_name*] # (optional) Region name for connecting to cinder # Defaults to $::os_service_default @@ -73,6 +77,7 @@ class manila::image::glance ( $user_domain_name = 'Default', $project_domain_name = 'Default', $project_name = 'services', + $system_scope = $::os_service_default, $region_name = $::os_service_default, $endpoint_type = $::os_service_default, $username = 'glance', @@ -81,6 +86,14 @@ class manila::image::glance ( include manila::deps + if is_service_default($system_scope) { + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name + } else { + $project_name_real = $::os_service_default + $project_domain_name_real = $::os_service_default + } + manila_config { 'glance/api_microversion': value => $api_microversion; 'glance/insecure': value => $insecure; @@ -90,8 +103,9 @@ class manila::image::glance ( 'glance/certfile': value => $certfile; 'glance/keyfile': value => $keyfile; 'glance/user_domain_name': value => $user_domain_name; - 'glance/project_domain_name': value => $project_domain_name; - 'glance/project_name': value => $project_name; + 'glance/project_domain_name': value => $project_domain_name_real; + 'glance/project_name': value => $project_name_real; + 'glance/system_scope': value => $system_scope; 'glance/region_name': value => $region_name; 'glance/endpoint_type': value => $endpoint_type; 'glance/username': value => $username; diff --git a/manifests/network/neutron.pp b/manifests/network/neutron.pp index bebc7b6e..daef9416 100644 --- a/manifests/network/neutron.pp +++ b/manifests/network/neutron.pp @@ -33,6 +33,10 @@ # (optional) Project name to scope to # Defaults to 'services' # +# [*system_scope*] +# (optional) Scope for system operations. +# Defaults to $::os_service_default +# # [*region_name*] # (optional) Region name for connecting to neutron # Defaults to $::os_service_default @@ -70,6 +74,7 @@ class manila::network::neutron ( $user_domain_name = 'Default', $project_domain_name = 'Default', $project_name = 'services', + $system_scope = $::os_service_default, $region_name = $::os_service_default, $timeout = $::os_service_default, $endpoint_type = $::os_service_default, @@ -79,11 +84,21 @@ class manila::network::neutron ( $network_plugin_ipv6_enabled = $::os_service_default, ) { + include manila::deps + # TODO(tkajinam): Remove this after Yoga release manila_config { 'DEFAULT/network_api_class': ensure => absent; } + if is_service_default($system_scope) { + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name + } else { + $project_name_real = $::os_service_default + $project_domain_name_real = $::os_service_default + } + manila_config { 'neutron/insecure': value => $insecure; 'neutron/auth_url': value => $auth_url; @@ -95,8 +110,9 @@ class manila::network::neutron ( 'neutron/username': value => $username; 'neutron/user_domain_name': value => $user_domain_name; 'neutron/password': value => $password, secret => true; - 'neutron/project_name': value => $project_name; - 'neutron/project_domain_name': value => $project_domain_name; + 'neutron/project_name': value => $project_name_real; + 'neutron/project_domain_name': value => $project_domain_name_real; + 'neutron/system_scope': value => $system_scope; 'DEFAULT/network_plugin_ipv4_enabled': value => $network_plugin_ipv4_enabled; 'DEFAULT/network_plugin_ipv6_enabled': value => $network_plugin_ipv6_enabled; } diff --git a/manifests/volume/cinder.pp b/manifests/volume/cinder.pp index cbcc434d..47bc4bea 100644 --- a/manifests/volume/cinder.pp +++ b/manifests/volume/cinder.pp @@ -33,6 +33,10 @@ # (optional) Project name to scope to # Defaults to 'services' # +# [*system_scope*] +# (optional) Scope for system operations. +# Defaults to $::os_service_default +# # [*region_name*] # (optional) Region name for connecting to cinder # Defaults to $::os_service_default @@ -67,6 +71,7 @@ class manila::volume::cinder ( $user_domain_name = 'Default', $project_domain_name = 'Default', $project_name = 'services', + $system_scope = $::os_service_default, $region_name = $::os_service_default, $endpoint_type = $::os_service_default, $username = 'cinder', @@ -77,6 +82,14 @@ class manila::volume::cinder ( include manila::deps + if is_service_default($system_scope) { + $project_name_real = $project_name + $project_domain_name_real = $project_domain_name + } else { + $project_name_real = $::os_service_default + $project_domain_name_real = $::os_service_default + } + manila_config { 'cinder/insecure': value => $insecure; 'cinder/auth_url': value => $auth_url; @@ -87,8 +100,9 @@ class manila::volume::cinder ( 'cinder/username': value => $username; 'cinder/user_domain_name': value => $user_domain_name; 'cinder/password': value => $password, secret => true; - 'cinder/project_name': value => $project_name; - 'cinder/project_domain_name': value => $project_domain_name; + 'cinder/project_name': value => $project_name_real; + 'cinder/project_domain_name': value => $project_domain_name_real; + 'cinder/system_scope': value => $system_scope; 'cinder/http_retries': value => $http_retries; 'cinder/cross_az_attach': value => $cross_az_attach; } diff --git a/releasenotes/notes/system_scope-all-4a661d5cc27d448a.yaml b/releasenotes/notes/system_scope-all-4a661d5cc27d448a.yaml new file mode 100644 index 00000000..64205762 --- /dev/null +++ b/releasenotes/notes/system_scope-all-4a661d5cc27d448a.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The new ``system_scope`` parameter has been added to the following classes. + + - ``manila::compute::nova`` + - ``manila::image::glance`` + - ``manila::network::neutron`` + - ``manila::volume::cinder`` diff --git a/spec/classes/manila_compute_nova_spec.rb b/spec/classes/manila_compute_nova_spec.rb index 0165ccaa..d4b5d014 100644 --- a/spec/classes/manila_compute_nova_spec.rb +++ b/spec/classes/manila_compute_nova_spec.rb @@ -11,6 +11,7 @@ describe 'manila::compute::nova' do is_expected.to contain_manila_config('nova/user_domain_name').with_value('Default') is_expected.to contain_manila_config('nova/project_domain_name').with_value('Default') is_expected.to contain_manila_config('nova/project_name').with_value('services') + is_expected.to contain_manila_config('nova/system_scope').with_value('') is_expected.to contain_manila_config('nova/region_name').with_value('') is_expected.to contain_manila_config('nova/endpoint_type').with_value('') is_expected.to contain_manila_config('nova/username').with_value('nova') @@ -42,6 +43,7 @@ describe 'manila::compute::nova' do is_expected.to contain_manila_config('nova/user_domain_name').with_value('Default') is_expected.to contain_manila_config('nova/project_domain_name').with_value('Default') is_expected.to contain_manila_config('nova/project_name').with_value('services') + is_expected.to contain_manila_config('nova/system_scope').with_value('') is_expected.to contain_manila_config('nova/region_name').with_value('RegionOne') is_expected.to contain_manila_config('nova/endpoint_type').with_value('publicURL') is_expected.to contain_manila_config('nova/username').with_value('novav1') @@ -49,6 +51,19 @@ describe 'manila::compute::nova' do is_expected.to contain_manila_config('nova/api_microversion').with_value('2.10') end end + + context 'when system_scope is set' do + let :params do + { + :system_scope => 'all' + } + end + it 'configures system-scoped credential' do + is_expected.to contain_manila_config('nova/project_domain_name').with_value('') + is_expected.to contain_manila_config('nova/project_name').with_value('') + is_expected.to contain_manila_config('nova/system_scope').with_value('all') + end + end end on_supported_os({ diff --git a/spec/classes/manila_image_glance_spec.rb b/spec/classes/manila_image_glance_spec.rb index ca8a8e67..ba7641c6 100644 --- a/spec/classes/manila_image_glance_spec.rb +++ b/spec/classes/manila_image_glance_spec.rb @@ -14,6 +14,7 @@ describe 'manila::image::glance' do is_expected.to contain_manila_config('glance/user_domain_name').with_value('Default') is_expected.to contain_manila_config('glance/project_domain_name').with_value('Default') is_expected.to contain_manila_config('glance/project_name').with_value('services') + is_expected.to contain_manila_config('glance/system_scope').with_value('') is_expected.to contain_manila_config('glance/region_name').with_value('') is_expected.to contain_manila_config('glance/endpoint_type').with_value('') is_expected.to contain_manila_config('glance/username').with_value('glance') @@ -47,12 +48,26 @@ describe 'manila::image::glance' do is_expected.to contain_manila_config('glance/user_domain_name').with_value('Default') is_expected.to contain_manila_config('glance/project_domain_name').with_value('Default') is_expected.to contain_manila_config('glance/project_name').with_value('services') + is_expected.to contain_manila_config('glance/system_scope').with_value('') is_expected.to contain_manila_config('glance/region_name').with_value('RegionOne') is_expected.to contain_manila_config('glance/endpoint_type').with_value('publicURL') is_expected.to contain_manila_config('glance/username').with_value('glancev1') is_expected.to contain_manila_config('glance/password').with_value('123123').with_secret(true) end end + + context 'when system_scope is set' do + let :params do + { + :system_scope => 'all' + } + end + it 'configures system-scoped credential' do + is_expected.to contain_manila_config('glance/project_domain_name').with_value('') + is_expected.to contain_manila_config('glance/project_name').with_value('') + is_expected.to contain_manila_config('glance/system_scope').with_value('all') + end + end end on_supported_os({ diff --git a/spec/classes/manila_network_neutron_spec.rb b/spec/classes/manila_network_neutron_spec.rb index 3fe07e4e..76b7068e 100644 --- a/spec/classes/manila_network_neutron_spec.rb +++ b/spec/classes/manila_network_neutron_spec.rb @@ -11,6 +11,7 @@ describe 'manila::network::neutron' do is_expected.to contain_manila_config('neutron/user_domain_name').with_value('Default') is_expected.to contain_manila_config('neutron/project_domain_name').with_value('Default') is_expected.to contain_manila_config('neutron/project_name').with_value('services') + is_expected.to contain_manila_config('neutron/system_scope').with_value('') is_expected.to contain_manila_config('neutron/region_name').with_value('') is_expected.to contain_manila_config('neutron/timeout').with_value('') is_expected.to contain_manila_config('neutron/endpoint_type').with_value('') @@ -46,6 +47,7 @@ describe 'manila::network::neutron' do is_expected.to contain_manila_config('neutron/user_domain_name').with_value('Default') is_expected.to contain_manila_config('neutron/project_domain_name').with_value('Default') is_expected.to contain_manila_config('neutron/project_name').with_value('services') + is_expected.to contain_manila_config('neutron/system_scope').with_value('') is_expected.to contain_manila_config('neutron/region_name').with_value('RegionOne') is_expected.to contain_manila_config('neutron/timeout').with_value(30) is_expected.to contain_manila_config('neutron/endpoint_type').with_value('publicURL') @@ -55,6 +57,19 @@ describe 'manila::network::neutron' do is_expected.to contain_manila_config('DEFAULT/network_plugin_ipv6_enabled').with_value(true) end end + + context 'when system_scope is set' do + let :params do + { + :system_scope => 'all' + } + end + it 'configures system-scoped credential' do + is_expected.to contain_manila_config('neutron/project_domain_name').with_value('') + is_expected.to contain_manila_config('neutron/project_name').with_value('') + is_expected.to contain_manila_config('neutron/system_scope').with_value('all') + end + end end on_supported_os({ diff --git a/spec/classes/manila_volume_cinder_spec.rb b/spec/classes/manila_volume_cinder_spec.rb index 35211bd0..49455200 100644 --- a/spec/classes/manila_volume_cinder_spec.rb +++ b/spec/classes/manila_volume_cinder_spec.rb @@ -13,6 +13,7 @@ describe 'manila::volume::cinder' do is_expected.to contain_manila_config('cinder/user_domain_name').with_value('Default') is_expected.to contain_manila_config('cinder/project_domain_name').with_value('Default') is_expected.to contain_manila_config('cinder/project_name').with_value('services') + is_expected.to contain_manila_config('cinder/system_scope').with_value('') is_expected.to contain_manila_config('cinder/username').with_value('cinder') is_expected.to contain_manila_config('cinder/password').with_value('') is_expected.to contain_manila_config('cinder/http_retries').with_value('') @@ -45,6 +46,7 @@ describe 'manila::volume::cinder' do is_expected.to contain_manila_config('cinder/project_domain_name').with_value('Default') is_expected.to contain_manila_config('cinder/project_name').with_value('services') is_expected.to contain_manila_config('cinder/region_name').with_value('RegionOne') + is_expected.to contain_manila_config('cinder/system_scope').with_value('') is_expected.to contain_manila_config('cinder/endpoint_type').with_value('publicURL') is_expected.to contain_manila_config('cinder/username').with_value('cinderv1') is_expected.to contain_manila_config('cinder/password').with_value('123123').with_secret(true) @@ -52,6 +54,19 @@ describe 'manila::volume::cinder' do is_expected.to contain_manila_config('cinder/cross_az_attach').with_value('true') end end + + context 'when system_scope is set' do + let :params do + { + :system_scope => 'all' + } + end + it 'configures system-scoped credential' do + is_expected.to contain_manila_config('cinder/project_domain_name').with_value('') + is_expected.to contain_manila_config('cinder/project_name').with_value('') + is_expected.to contain_manila_config('cinder/system_scope').with_value('all') + end + end end on_supported_os({