Use consistent names for service_credentials options

This change renames aodh::auth and its parameters to be consistent
with the section name and the parameter names in aodh service. This
allows operators more easily guess how the class and its parameters
correspond to the options in aodh.

Change-Id: I7ddc4af25f89317da6a794beba312841d2f1bc25

examples/aodh.pp

@@ -10,8 +10,8 @@ include apache
 class { 'aodh::wsgi::apache':
   ssl => false,
 }
-class { 'aodh::auth':
-  auth_password => 'a_big_secret',
+class { 'aodh::service_credentials':
+  password => 'a_big_secret',
 }
 class { 'aodh::evaluator': }
 class { 'aodh::notifier': }

manifests/auth.pp

@@ -1,17 +1,18 @@
+# DEPRECATED ! Use the aodh::service_credentails class instead
 # The aodh::auth class helps configure auth settings
 #
 # == Parameters
 #  [*auth_url*]
 #    the keystone public endpoint
-#    Optional. Defaults to 'http://localhost:5000/v3'
+#    Optional. Defaults to undef.
 #
 #  [*auth_region*]
 #    the keystone region of this node
-#    Optional. Defaults to 'RegionOne'
+#    Optional. Defaults to undef.
 #
 #  [*auth_user*]
 #    the keystone user for aodh services
-#    Optional. Defaults to 'aodh'
+#    Optional. Defaults to undef.
 #
 #  [*auth_password*]
 #    the keystone password for aodh services
@@ -19,55 +20,44 @@
 #
 #  [*auth_project_name*]
 #    the keystone tenant name for aodh services
-#    Optional. Defaults to 'services'
+#    Optional. Defaults to undef.
 #
 #  [*project_domain_name*]
 #    the keystone project domain name for aodh services
-#    Optional. Defaults to 'Default'
+#    Optional. Defaults to undef.
 #
 #  [*user_domain_name*]
 #    the keystone user domain name for aodh services
-#    Optional. Defaults to 'Default'
+#    Optional. Defaults to undef.
 #
 #  [*auth_type*]
 #    An authentication type to use with an OpenStack Identity server.
 #    The value should contain auth plugin name.
-#    Optional. Defaults to 'password'.
+#    Optional. Defaults to undef.
 #
 #  [*auth_cacert*]
 #    Certificate chain for SSL validation.
-#    Optional. Defaults to $::os_service_default
+#    Optional. Defaults to undef.
 #
 #  [*interface*]
 #    Type of endpoint in Identity service catalog to use for
 #    communication with OpenStack services.
-#    Optional. Defaults to $::os_service_default.
+#    Optional. Defaults to undef.
 #
 class aodh::auth (
   $auth_password,
-  $auth_url            = 'http://localhost:5000/v3',
-  $auth_region         = 'RegionOne',
-  $auth_user           = 'aodh',
-  $auth_project_name   = 'services',
-  $project_domain_name = 'Default',
-  $user_domain_name    = 'Default',
-  $auth_type           = 'password',
-  $auth_cacert         = $::os_service_default,
-  $interface           = $::os_service_default,
+  $auth_url            = undef,
+  $auth_region         = undef,
+  $auth_user           = undef,
+  $auth_project_name   = undef,
+  $project_domain_name = undef,
+  $user_domain_name    = undef,
+  $auth_type           = undef,
+  $auth_cacert         = undef,
+  $interface           = undef,
 ) {
 
-  include aodh::deps
+  warning('The aodh::auth class has been deprecated. Use the aodh::service_credentials class')
 
-  aodh_config {
-    'service_credentials/auth_url'            : value => $auth_url;
-    'service_credentials/region_name'         : value => $auth_region;
-    'service_credentials/username'            : value => $auth_user;
-    'service_credentials/password'            : value => $auth_password, secret => true;
-    'service_credentials/project_name'        : value => $auth_project_name;
-    'service_credentials/project_domain_name' : value => $project_domain_name;
-    'service_credentials/user_domain_name'    : value => $user_domain_name;
-    'service_credentials/cacert'              : value => $auth_cacert;
-    'service_credentials/interface'           : value => $interface;
-    'service_credentials/auth_type'           : value => $auth_type;
-  }
+  include aodh::service_credentials
 }

manifests/service_credentials.pp

@@ -0,0 +1,90 @@
+# The aodh::service_credentials class helps configure service_credentials
+# settings
+#
+# == Parameters
+#  [*auth_url*]
+#    the keystone public endpoint
+#    Optional. Defaults to 'http://localhost:5000/v3'
+#
+#  [*region_name*]
+#    the keystone region of this node
+#    Optional. Defaults to 'RegionOne'
+#
+#  [*username*]
+#    the keystone user for aodh services
+#    Optional. Defaults to 'aodh'
+#
+#  [*password*]
+#    the keystone password for aodh services
+#    Required.
+#
+#  [*project_name*]
+#    the keystone tenant name for aodh services
+#    Optional. Defaults to 'services'
+#
+#  [*project_domain_name*]
+#    the keystone project domain name for aodh services
+#    Optional. Defaults to 'Default'
+#
+#  [*user_domain_name*]
+#    the keystone user domain name for aodh services
+#    Optional. Defaults to 'Default'
+#
+#  [*auth_type*]
+#    An authentication type to use with an OpenStack Identity server.
+#    The value should contain auth plugin name.
+#    Optional. Defaults to 'password'.
+#
+#  [*cacert*]
+#    Certificate chain for SSL validation.
+#    Optional. Defaults to $::os_service_default
+#
+#  [*interface*]
+#    Type of endpoint in Identity service catalog to use for
+#    communication with OpenStack services.
+#    Optional. Defaults to $::os_service_default.
+#
+class aodh::service_credentials (
+  # TODO(tkajinam): Make this required when we remove aodh::auth
+  $password            = undef,
+  $auth_url            = 'http://localhost:5000/v3',
+  $region_name         = 'RegionOne',
+  $username            = 'aodh',
+  $project_name        = 'services',
+  $project_domain_name = 'Default',
+  $user_domain_name    = 'Default',
+  $auth_type           = 'password',
+  $cacert              = $::os_service_default,
+  $interface           = $::os_service_default,
+) {
+
+  include aodh::deps
+
+  $password_real = pick($::aodh::auth::auth_password, $password)
+  if ! $password_real {
+    fail('The password parameter is required')
+  }
+
+  $auth_url_real = pick($::aodh::auth::auth_url, $auth_url)
+  $region_name_real = pick($::aodh::auth_region, $region_name)
+  $username_real = pick($::aodh::auth_user, $username)
+  $project_name_real = pick($::aodh::auth::auth_project_name, $project_name)
+  $project_domain_name_real = pick($::aodh::auth::project_domain_name, $project_domain_name)
+  $user_domain_name_real = pick($::aodh::auth::user_domain_name, $user_domain_name)
+  $auth_type_real = pick($::aodh::auth::auth_type, $auth_type)
+  $cacert_real = pick($::aodh::auth::auth_cacert, $cacert)
+  $interface_real = pick($::aodh::auth::interface, $interface)
+
+  aodh_config {
+    'service_credentials/auth_url'            : value => $auth_url_real;
+    'service_credentials/region_name'         : value => $region_name_real;
+    'service_credentials/username'            : value => $username_real;
+    'service_credentials/password'            : value => $password_real, secret => true;
+    'service_credentials/project_name'        : value => $project_name_real;
+    'service_credentials/project_domain_name' : value => $project_domain_name_real;
+    'service_credentials/user_domain_name'    : value => $user_domain_name_real;
+    'service_credentials/cacert'              : value => $cacert_real;
+    'service_credentials/interface'           : value => $interface_real;
+    'service_credentials/auth_type'           : value => $auth_type_real;
+  }
+}

releasenotes/notes/service_credentials-2b3dd8ca51083a1d.yaml

@@ -0,0 +1,5 @@
+---
+deprecations:
+  - |
+    The ``aodh::auth`` class has been deprecated. Use the new
+    ``aodh::service_credentials`` class instead.

spec/classes/aodh_service_credentials_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe 'aodh::service_credentials' do
+
+  let :params do
+    { :auth_url     => 'http://localhost:5000/v3',
+      :region_name  => 'RegionOne',
+      :username     => 'aodh',
+      :password     => 'password',
+      :project_name => 'services',
+    }
+  end
+
+  shared_examples_for 'aodh::service_credentials' do
+
+    it 'configures authentication' do
+      is_expected.to contain_aodh_config('service_credentials/auth_url').with_value('http://localhost:5000/v3')
+      is_expected.to contain_aodh_config('service_credentials/region_name').with_value('RegionOne')
+      is_expected.to contain_aodh_config('service_credentials/project_domain_name').with_value('Default')
+      is_expected.to_not contain_aodh_config('service_credentials/project_domain_id')
+      is_expected.to contain_aodh_config('service_credentials/user_domain_name').with_value('Default')
+      is_expected.to_not contain_aodh_config('service_credentials/user_domain_id')
+      is_expected.to contain_aodh_config('service_credentials/auth_type').with_value('password')
+      is_expected.to contain_aodh_config('service_credentials/username').with_value('aodh')
+      is_expected.to contain_aodh_config('service_credentials/password').with_value('password').with_secret(true)
+      is_expected.to contain_aodh_config('service_credentials/project_name').with_value('services')
+      is_expected.to contain_aodh_config('service_credentials/cacert').with(:value => '<SERVICE DEFAULT>')
+    end
+
+    context 'when overriding parameters' do
+      before do
+        params.merge!(
+          :cacert    => '/tmp/dummy.pem',
+          :interface => 'internalURL',
+        )
+      end
+      it { is_expected.to contain_aodh_config('service_credentials/cacert').with_value(params[:cacert]) }
+      it { is_expected.to contain_aodh_config('service_credentials/interface').with_value(params[:interface]) }
+    end
+
+  end
+
+  on_supported_os({
+    :supported_os   => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_configures 'aodh::service_credentials'
+    end
+  end
+
+end