From d4973455447bcee6beb3c85f1e373b338c0e325a Mon Sep 17 00:00:00 2001 From: Iury Gregory Melo Ferreira Date: Tue, 27 Sep 2016 23:13:12 -0300 Subject: [PATCH] Remove old authtoken options Since we are in ocata lets remove all old parameters in api to configure the keystone_authtoken section Change-Id: I6d023c3092e735d5cc021169c43c847df446b2aa --- manifests/api.pp | 88 ------------------- manifests/keystone/authtoken.pp | 33 +++---- ...ld_authtoken_options-617be3ac3ec06ef2.yaml | 12 +++ spec/classes/aodh_api_spec.rb | 79 +++-------------- 4 files changed, 34 insertions(+), 178 deletions(-) create mode 100644 releasenotes/notes/remove_old_authtoken_options-617be3ac3ec06ef2.yaml diff --git a/manifests/api.pp b/manifests/api.pp index c945b12e..16eeeb95 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -44,48 +44,6 @@ # HTTPProxyToWSGI middleware. # Defaults to $::os_service_default. # -# = DEPRECATED PARAMETERS -# -# [*keystone_identity_uri*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_url instead. -# Defaults to: undef -# -# [*keystone_user*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::username instead. -# Defaults to undef -# -# [*keystone_tenant*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::project_name instead. -# Defaults to undef -# -# [*keystone_project_domain_name*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::project_domain_name instead. -# Defaults to undef -# -# [*keystone_user_domain_name*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::user_domain_name instead. -# Defaults to undef -# -# [*keystone_auth_type*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_type instead. -# Defaults to undef -# -# [*keystone_password*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::password instead. -# Defaults to undef -# -# [*keystone_auth_uri*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_uri instead. -# Defaults to undef -# -# [*keystone_auth_url*] -# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_url instead. -# Defaults to undef -# -# [*memcached_servers*] -# (optinal) DEPRECATED. Use aodh::keystone::authtoken::memcached_servers. -# Defaults to undef -# class aodh::api ( $manage_service = true, $enabled = true, @@ -96,54 +54,8 @@ class aodh::api ( $sync_db = false, $auth_strategy = 'keystone', $enable_proxy_headers_parsing = $::os_service_default, - # DEPRECATED PARAMETERS - $keystone_identity_uri = undef, - $keystone_user = undef, - $keystone_tenant = undef, - $keystone_password = undef, - $keystone_auth_uri = undef, - $keystone_auth_url = undef, - $keystone_project_domain_name = undef, - $keystone_user_domain_name = undef, - $keystone_auth_type = undef, - $memcached_servers = undef, ) inherits aodh::params { - if $keystone_identity_uri { - warning('aodh::api::keystone_identity_uri is deprecated, user aodh::keystone::authtoken::auth_url instead.') - } - - if $keystone_user { - warning('aodh::api::keystone_user is deprecated, use aodh::keystone::authtoken::username instead') - } - - if $keystone_tenant { - warning('aodh::api::keystone_tenant is deprecated, use aodh::keystone::authtoken::project_name instead') - } - - if $keystone_password { - warning('aodh::api::keystone_password is deprecated, use aodh::keystone::authtoken::password instead') - } - - if $keystone_auth_uri { - warning('aodh::api::keystone_auth_uri is deprecated, use aodh::keystone::authtoken::auth_uri instead') - } - - if $keystone_project_domain_name { - warning('aodh::api::keystone_project_domain_name is deprecated, use aodh::keystone::authtoken::project_domain_name instead') - } - - if $keystone_user_domain_name { - warning('aodh::api::keystone_user_domain_name is deprecated, use aodh::keystone::authtoken::user_domain_name instead') - } - - if $keystone_auth_type { - warning('aodh::api::keystone_auth_type is deprecated, use aodh::keystone::authtoken::auth_type instead') - } - - if $memcached_servers { - warning('aodh::api::memcached_servers is deprecated, use aodh::keystone::authtoken::memcached_servers instead.') - } include ::aodh::params include ::aodh::policy diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp index 2b9cd3af..0b571240 100644 --- a/manifests/keystone/authtoken.pp +++ b/manifests/keystone/authtoken.pp @@ -223,34 +223,21 @@ class aodh::keystone::authtoken( $token_cache_time = $::os_service_default, ) { - if is_service_default($password) and ! $::aodh::api::keystone_password { + if is_service_default($password) { fail('Please set password for Aodh service user') } - $username_real = pick($::aodh::api::keystone_user, $username) - $password_real = pick($::aodh::api::keystone_password, $password) - $project_name_real = pick($::aodh::api::keystone_tenant, $project_name) - $auth_uri_real = pick($::aodh::api::keystone_auth_uri, $auth_uri) - $auth_url_real = pick($::aodh::api::keystone_identity_uri, -$::aodh::api::keystone_auth_url, $auth_url) - $memcached_servers_real = pick($::aodh::api::memcached_servers, $memcached_servers) - $user_domain_name_real = pick($::aodh::api::keystone_user_domain_name, -$user_domain_name) - $project_domain_name_real = pick($::aodh::api::keystone_project_domain_name, $project_domain_name) - $auth_type_real = pick($::aodh::api::keystone_auth_type, $auth_type) - - keystone::resource::authtoken { 'aodh_config': - username => $username_real, - password => $password_real, - project_name => $project_name_real, - auth_url => $auth_url_real, - auth_uri => $auth_uri_real, + username => $username, + password => $password, + project_name => $project_name, + auth_url => $auth_url, + auth_uri => $auth_uri, auth_version => $auth_version, - auth_type => $auth_type_real, + auth_type => $auth_type, auth_section => $auth_section, - user_domain_name => $user_domain_name_real, - project_domain_name => $project_domain_name_real, + user_domain_name => $user_domain_name, + project_domain_name => $project_domain_name, insecure => $insecure, cache => $cache, cafile => $cafile, @@ -271,7 +258,7 @@ $user_domain_name) memcache_security_strategy => $memcache_security_strategy, memcache_use_advanced_pool => $memcache_use_advanced_pool, memcache_pool_unused_timeout => $memcache_pool_unused_timeout, - memcached_servers => $memcached_servers_real, + memcached_servers => $memcached_servers, region_name => $region_name, revocation_cache_time => $revocation_cache_time, signing_dir => $signing_dir, diff --git a/releasenotes/notes/remove_old_authtoken_options-617be3ac3ec06ef2.yaml b/releasenotes/notes/remove_old_authtoken_options-617be3ac3ec06ef2.yaml new file mode 100644 index 00000000..9aabe820 --- /dev/null +++ b/releasenotes/notes/remove_old_authtoken_options-617be3ac3ec06ef2.yaml @@ -0,0 +1,12 @@ +--- +other: + - removed deprecated aodh::api::keystone_tenant + - removed deprecated aodh::api::keystone_user + - removed deprecated aodh::api::keystone_password + - removed deprecated aodh::api::keystone_project_domain_name + - removed deprecated aodh::api::keystone_user_domain_name + - removed deprecated aodh::api::keystone_auth_type + - removed deprecated aodh::api::keystone_auth_uri + - removed deprecated aodh::api::keystone_identity_uri + - removed deprecated aodh::api::keystone_auth_url + - removed deprecated aodh::api::memcached_servers diff --git a/spec/classes/aodh_api_spec.rb b/spec/classes/aodh_api_spec.rb index 4c277141..428b7856 100644 --- a/spec/classes/aodh_api_spec.rb +++ b/spec/classes/aodh_api_spec.rb @@ -4,13 +4,15 @@ describe 'aodh::api' do let :pre_condition do "class { 'aodh': } - include ::aodh::db" + include ::aodh::db + class { '::aodh::keystone::authtoken': + password => 'a_big_secret', + }" end let :params do { :enabled => true, :manage_service => true, - :keystone_password => 'aodh-passw0rd', :package_ensure => 'latest', :port => '8042', :host => '0.0.0.0', @@ -72,43 +74,6 @@ describe 'aodh::api' do it { is_expected.to contain_aodh_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) } end - context 'with deprecated parameters' do - before do - params.merge!({ - :keystone_user => 'dummy', - :keystone_password => 'mypassword', - :keystone_tenant => 'tenant', - :keystone_auth_uri => 'https://10.0.0.1:5000/deprecated', - :keystone_identity_uri => 'https://10.0.0.1:35357/deprecated', - :keystone_auth_url => 'https://10.0.0.1:35357/deprecated', - :memcached_servers => ['memcached01:11211','memcached02:11211'], - :keystone_project_domain_name => 'domainX', - :keystone_user_domain_name => 'domainX', - :keystone_auth_type => 'auth', - }) - end - it 'configures keystone_authtoken middleware' do - is_expected.to contain_aodh_config( - 'keystone_authtoken/auth_uri').with_value('https://10.0.0.1:5000/deprecated') - is_expected.to contain_aodh_config( - 'keystone_authtoken/username').with_value(params[:keystone_user]) - is_expected.to contain_aodh_config( - 'keystone_authtoken/password').with_value(params[:keystone_password]).with_secret(true) - is_expected.to contain_aodh_config( - 'keystone_authtoken/auth_url').with_value(params[:keystone_identity_uri]) - is_expected.to contain_aodh_config( - 'keystone_authtoken/project_name').with_value(params[:keystone_tenant]) - is_expected.to contain_aodh_config( - 'keystone_authtoken/user_domain_name').with_value(params[:keystone_user_domain_name]) - is_expected.to contain_aodh_config( - 'keystone_authtoken/project_domain_name').with_value(params[:keystone_project_domain_name]) - is_expected.to contain_aodh_config( - 'keystone_authtoken/auth_type').with_value(params[:keystone_auth_type]) - is_expected.to contain_aodh_config( - 'keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211') - end - end - context 'with disabled service managing' do before do params.merge!({ @@ -136,7 +101,10 @@ describe 'aodh::api' do let :pre_condition do "include ::apache include ::aodh::db - class { 'aodh': }" + class { 'aodh': } + class { '::aodh::keystone::authtoken': + password => 'a_big_secret', + }" end it 'configures aodh-api service with Apache' do @@ -157,37 +125,14 @@ describe 'aodh::api' do let :pre_condition do "include ::apache include ::aodh::db - class { 'aodh': }" + class { 'aodh': } + class { '::aodh::keystone::authtoken': + password => 'a_big_secret', + }" end it_raises 'a Puppet::Error', /Invalid service_name/ end - - context "with deprecated keystone options" do - before do - params.merge!({ - :keystone_user => 'user', - :keystone_password => 'userpassword', - :keystone_tenant => 'tenant', - :keystone_project_domain_name => 'domainx', - :keystone_user_domain_name => 'domainx', - :keystone_auth_type => 'password', - :keystone_auth_uri => 'https://foo.bar:5000', - :keystone_auth_url => 'https://foo.bar:35357/deprecated', - :keystone_identity_uri => 'https://foo.bar:35357/deprecated', - }) - end - it 'configures auth_uri but deprecates old auth settings' do - is_expected.to contain_aodh_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000"); - is_expected.to contain_aodh_config('keystone_authtoken/auth_url').with_value("https://foo.bar:35357/deprecated"); - is_expected.to contain_aodh_config('keystone_authtoken/username').with_value('user') - is_expected.to contain_aodh_config('keystone_authtoken/password').with_value('userpassword') - is_expected.to contain_aodh_config('keystone_authtoken/project_name').with_value('tenant') - is_expected.to contain_aodh_config('keystone_authtoken/user_domain_name').with_value('domainx') - is_expected.to contain_aodh_config('keystone_authtoken/project_domain_name').with_value('domainx') - is_expected.to contain_aodh_config('keystone_authtoken/auth_type').with_value('password') - end - end end on_supported_os({