Remove old authtoken options
Since we are in ocata lets remove all old parameters in api to configure the keystone_authtoken section Change-Id: I6d023c3092e735d5cc021169c43c847df446b2aa
This commit is contained in:
parent
9470f7521a
commit
d497345544
@ -44,48 +44,6 @@
|
|||||||
# HTTPProxyToWSGI middleware.
|
# HTTPProxyToWSGI middleware.
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
# = DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*keystone_identity_uri*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_url instead.
|
|
||||||
# Defaults to: undef
|
|
||||||
#
|
|
||||||
# [*keystone_user*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::username instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_tenant*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::project_name instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_project_domain_name*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::project_domain_name instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_user_domain_name*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::user_domain_name instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_auth_type*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_type instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_password*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::password instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_auth_uri*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_uri instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*keystone_auth_url*]
|
|
||||||
# (optional) DEPRECATED. Use aodh::keystone::authtoken::auth_url instead.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*memcached_servers*]
|
|
||||||
# (optinal) DEPRECATED. Use aodh::keystone::authtoken::memcached_servers.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class aodh::api (
|
class aodh::api (
|
||||||
$manage_service = true,
|
$manage_service = true,
|
||||||
$enabled = true,
|
$enabled = true,
|
||||||
@ -96,54 +54,8 @@ class aodh::api (
|
|||||||
$sync_db = false,
|
$sync_db = false,
|
||||||
$auth_strategy = 'keystone',
|
$auth_strategy = 'keystone',
|
||||||
$enable_proxy_headers_parsing = $::os_service_default,
|
$enable_proxy_headers_parsing = $::os_service_default,
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$keystone_identity_uri = undef,
|
|
||||||
$keystone_user = undef,
|
|
||||||
$keystone_tenant = undef,
|
|
||||||
$keystone_password = undef,
|
|
||||||
$keystone_auth_uri = undef,
|
|
||||||
$keystone_auth_url = undef,
|
|
||||||
$keystone_project_domain_name = undef,
|
|
||||||
$keystone_user_domain_name = undef,
|
|
||||||
$keystone_auth_type = undef,
|
|
||||||
$memcached_servers = undef,
|
|
||||||
) inherits aodh::params {
|
) inherits aodh::params {
|
||||||
|
|
||||||
if $keystone_identity_uri {
|
|
||||||
warning('aodh::api::keystone_identity_uri is deprecated, user aodh::keystone::authtoken::auth_url instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_user {
|
|
||||||
warning('aodh::api::keystone_user is deprecated, use aodh::keystone::authtoken::username instead')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_tenant {
|
|
||||||
warning('aodh::api::keystone_tenant is deprecated, use aodh::keystone::authtoken::project_name instead')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_password {
|
|
||||||
warning('aodh::api::keystone_password is deprecated, use aodh::keystone::authtoken::password instead')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_auth_uri {
|
|
||||||
warning('aodh::api::keystone_auth_uri is deprecated, use aodh::keystone::authtoken::auth_uri instead')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_project_domain_name {
|
|
||||||
warning('aodh::api::keystone_project_domain_name is deprecated, use aodh::keystone::authtoken::project_domain_name instead')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_user_domain_name {
|
|
||||||
warning('aodh::api::keystone_user_domain_name is deprecated, use aodh::keystone::authtoken::user_domain_name instead')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $keystone_auth_type {
|
|
||||||
warning('aodh::api::keystone_auth_type is deprecated, use aodh::keystone::authtoken::auth_type instead')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $memcached_servers {
|
|
||||||
warning('aodh::api::memcached_servers is deprecated, use aodh::keystone::authtoken::memcached_servers instead.')
|
|
||||||
}
|
|
||||||
|
|
||||||
include ::aodh::params
|
include ::aodh::params
|
||||||
include ::aodh::policy
|
include ::aodh::policy
|
||||||
|
@ -223,34 +223,21 @@ class aodh::keystone::authtoken(
|
|||||||
$token_cache_time = $::os_service_default,
|
$token_cache_time = $::os_service_default,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
if is_service_default($password) and ! $::aodh::api::keystone_password {
|
if is_service_default($password) {
|
||||||
fail('Please set password for Aodh service user')
|
fail('Please set password for Aodh service user')
|
||||||
}
|
}
|
||||||
|
|
||||||
$username_real = pick($::aodh::api::keystone_user, $username)
|
|
||||||
$password_real = pick($::aodh::api::keystone_password, $password)
|
|
||||||
$project_name_real = pick($::aodh::api::keystone_tenant, $project_name)
|
|
||||||
$auth_uri_real = pick($::aodh::api::keystone_auth_uri, $auth_uri)
|
|
||||||
$auth_url_real = pick($::aodh::api::keystone_identity_uri,
|
|
||||||
$::aodh::api::keystone_auth_url, $auth_url)
|
|
||||||
$memcached_servers_real = pick($::aodh::api::memcached_servers, $memcached_servers)
|
|
||||||
$user_domain_name_real = pick($::aodh::api::keystone_user_domain_name,
|
|
||||||
$user_domain_name)
|
|
||||||
$project_domain_name_real = pick($::aodh::api::keystone_project_domain_name, $project_domain_name)
|
|
||||||
$auth_type_real = pick($::aodh::api::keystone_auth_type, $auth_type)
|
|
||||||
|
|
||||||
|
|
||||||
keystone::resource::authtoken { 'aodh_config':
|
keystone::resource::authtoken { 'aodh_config':
|
||||||
username => $username_real,
|
username => $username,
|
||||||
password => $password_real,
|
password => $password,
|
||||||
project_name => $project_name_real,
|
project_name => $project_name,
|
||||||
auth_url => $auth_url_real,
|
auth_url => $auth_url,
|
||||||
auth_uri => $auth_uri_real,
|
auth_uri => $auth_uri,
|
||||||
auth_version => $auth_version,
|
auth_version => $auth_version,
|
||||||
auth_type => $auth_type_real,
|
auth_type => $auth_type,
|
||||||
auth_section => $auth_section,
|
auth_section => $auth_section,
|
||||||
user_domain_name => $user_domain_name_real,
|
user_domain_name => $user_domain_name,
|
||||||
project_domain_name => $project_domain_name_real,
|
project_domain_name => $project_domain_name,
|
||||||
insecure => $insecure,
|
insecure => $insecure,
|
||||||
cache => $cache,
|
cache => $cache,
|
||||||
cafile => $cafile,
|
cafile => $cafile,
|
||||||
@ -271,7 +258,7 @@ $user_domain_name)
|
|||||||
memcache_security_strategy => $memcache_security_strategy,
|
memcache_security_strategy => $memcache_security_strategy,
|
||||||
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
memcache_use_advanced_pool => $memcache_use_advanced_pool,
|
||||||
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
|
||||||
memcached_servers => $memcached_servers_real,
|
memcached_servers => $memcached_servers,
|
||||||
region_name => $region_name,
|
region_name => $region_name,
|
||||||
revocation_cache_time => $revocation_cache_time,
|
revocation_cache_time => $revocation_cache_time,
|
||||||
signing_dir => $signing_dir,
|
signing_dir => $signing_dir,
|
||||||
|
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
other:
|
||||||
|
- removed deprecated aodh::api::keystone_tenant
|
||||||
|
- removed deprecated aodh::api::keystone_user
|
||||||
|
- removed deprecated aodh::api::keystone_password
|
||||||
|
- removed deprecated aodh::api::keystone_project_domain_name
|
||||||
|
- removed deprecated aodh::api::keystone_user_domain_name
|
||||||
|
- removed deprecated aodh::api::keystone_auth_type
|
||||||
|
- removed deprecated aodh::api::keystone_auth_uri
|
||||||
|
- removed deprecated aodh::api::keystone_identity_uri
|
||||||
|
- removed deprecated aodh::api::keystone_auth_url
|
||||||
|
- removed deprecated aodh::api::memcached_servers
|
@ -4,13 +4,15 @@ describe 'aodh::api' do
|
|||||||
|
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"class { 'aodh': }
|
"class { 'aodh': }
|
||||||
include ::aodh::db"
|
include ::aodh::db
|
||||||
|
class { '::aodh::keystone::authtoken':
|
||||||
|
password => 'a_big_secret',
|
||||||
|
}"
|
||||||
end
|
end
|
||||||
|
|
||||||
let :params do
|
let :params do
|
||||||
{ :enabled => true,
|
{ :enabled => true,
|
||||||
:manage_service => true,
|
:manage_service => true,
|
||||||
:keystone_password => 'aodh-passw0rd',
|
|
||||||
:package_ensure => 'latest',
|
:package_ensure => 'latest',
|
||||||
:port => '8042',
|
:port => '8042',
|
||||||
:host => '0.0.0.0',
|
:host => '0.0.0.0',
|
||||||
@ -72,43 +74,6 @@ describe 'aodh::api' do
|
|||||||
it { is_expected.to contain_aodh_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
|
it { is_expected.to contain_aodh_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with deprecated parameters' do
|
|
||||||
before do
|
|
||||||
params.merge!({
|
|
||||||
:keystone_user => 'dummy',
|
|
||||||
:keystone_password => 'mypassword',
|
|
||||||
:keystone_tenant => 'tenant',
|
|
||||||
:keystone_auth_uri => 'https://10.0.0.1:5000/deprecated',
|
|
||||||
:keystone_identity_uri => 'https://10.0.0.1:35357/deprecated',
|
|
||||||
:keystone_auth_url => 'https://10.0.0.1:35357/deprecated',
|
|
||||||
:memcached_servers => ['memcached01:11211','memcached02:11211'],
|
|
||||||
:keystone_project_domain_name => 'domainX',
|
|
||||||
:keystone_user_domain_name => 'domainX',
|
|
||||||
:keystone_auth_type => 'auth',
|
|
||||||
})
|
|
||||||
end
|
|
||||||
it 'configures keystone_authtoken middleware' do
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/auth_uri').with_value('https://10.0.0.1:5000/deprecated')
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/username').with_value(params[:keystone_user])
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/password').with_value(params[:keystone_password]).with_secret(true)
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/auth_url').with_value(params[:keystone_identity_uri])
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/project_name').with_value(params[:keystone_tenant])
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/user_domain_name').with_value(params[:keystone_user_domain_name])
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/project_domain_name').with_value(params[:keystone_project_domain_name])
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/auth_type').with_value(params[:keystone_auth_type])
|
|
||||||
is_expected.to contain_aodh_config(
|
|
||||||
'keystone_authtoken/memcached_servers').with_value('memcached01:11211,memcached02:11211')
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with disabled service managing' do
|
context 'with disabled service managing' do
|
||||||
before do
|
before do
|
||||||
params.merge!({
|
params.merge!({
|
||||||
@ -136,7 +101,10 @@ describe 'aodh::api' do
|
|||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"include ::apache
|
"include ::apache
|
||||||
include ::aodh::db
|
include ::aodh::db
|
||||||
class { 'aodh': }"
|
class { 'aodh': }
|
||||||
|
class { '::aodh::keystone::authtoken':
|
||||||
|
password => 'a_big_secret',
|
||||||
|
}"
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'configures aodh-api service with Apache' do
|
it 'configures aodh-api service with Apache' do
|
||||||
@ -157,37 +125,14 @@ describe 'aodh::api' do
|
|||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
"include ::apache
|
"include ::apache
|
||||||
include ::aodh::db
|
include ::aodh::db
|
||||||
class { 'aodh': }"
|
class { 'aodh': }
|
||||||
|
class { '::aodh::keystone::authtoken':
|
||||||
|
password => 'a_big_secret',
|
||||||
|
}"
|
||||||
end
|
end
|
||||||
|
|
||||||
it_raises 'a Puppet::Error', /Invalid service_name/
|
it_raises 'a Puppet::Error', /Invalid service_name/
|
||||||
end
|
end
|
||||||
|
|
||||||
context "with deprecated keystone options" do
|
|
||||||
before do
|
|
||||||
params.merge!({
|
|
||||||
:keystone_user => 'user',
|
|
||||||
:keystone_password => 'userpassword',
|
|
||||||
:keystone_tenant => 'tenant',
|
|
||||||
:keystone_project_domain_name => 'domainx',
|
|
||||||
:keystone_user_domain_name => 'domainx',
|
|
||||||
:keystone_auth_type => 'password',
|
|
||||||
:keystone_auth_uri => 'https://foo.bar:5000',
|
|
||||||
:keystone_auth_url => 'https://foo.bar:35357/deprecated',
|
|
||||||
:keystone_identity_uri => 'https://foo.bar:35357/deprecated',
|
|
||||||
})
|
|
||||||
end
|
|
||||||
it 'configures auth_uri but deprecates old auth settings' do
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000");
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/auth_url').with_value("https://foo.bar:35357/deprecated");
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/username').with_value('user')
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/password').with_value('userpassword')
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/project_name').with_value('tenant')
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/user_domain_name').with_value('domainx')
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/project_domain_name').with_value('domainx')
|
|
||||||
is_expected.to contain_aodh_config('keystone_authtoken/auth_type').with_value('password')
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
Loading…
Reference in New Issue
Block a user