openstack/puppet-ceilometer
Code Issues Proposed changes

Merge "Use consistent names for service_credentials options"

Browse Source
This commit is contained in:
Zuul 2021-03-26 05:42:10 +00:00 committed by Gerrit Code Review
commit 458d0ad9cc
5 changed files with 191 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
manifests/agent/auth.pp
View File

@ -1,5 +1,6 @@
# == Class: ceilometer::agent::auth
#
# DEPRECATED !
# The ceilometer::agent::auth class helps configure common
# auth settings for the agents.
#
@ -7,22 +8,22 @@
#
# [*auth_url*]
# (Optional) the keystone public endpoint
# Defaults to 'http://localhost:5000'.
# Defaults to undef.
#
# [*auth_region*]
# (Optional) the keystone region of this node
# Defaults to $::os_service_default.
# Defaults to undef.
#
# [*auth_user*]
# (Optional) the keystone user for ceilometer services
# Defaults to 'ceilometer'.
# Defaults to undef.
#
# [*auth_password*]
# (Required) the keystone password for ceilometer services
#
# [*auth_tenant_name*]
# (Optional) the keystone tenant name for ceilometer services
# Defaults to 'services'.
# Defaults to undef.
#
# [*auth_tenant_id*]
# (Optional) the keystone tenant id for ceilometer services.
@ -39,58 +40,43 @@
#
# [*auth_user_domain_name*]
# (Optional) domain name for auth user.
# Defaults to 'Default'.
# Defaults to undef.
#
# [*auth_project_domain_name*]
# (Optional) domain name for auth project.
# Defaults to 'Default'.
# Defaults to undef.
#
# [*auth_type*]
# (Optional) Authentication type to load.
# Defaults to 'password'.
# Defaults to undef.
#
class ceilometer::agent::auth (
$auth_password,
$auth_url = 'http://localhost:5000',
$auth_region = $::os_service_default,
$auth_user = 'ceilometer',
$auth_tenant_name = 'services',
$auth_url = undef,
$auth_region = undef,
$auth_user = undef,
$auth_tenant_name = undef,
$auth_tenant_id = undef,
$auth_cacert = undef,
$auth_endpoint_type = undef,
$auth_user_domain_name = 'Default',
$auth_project_domain_name = 'Default',
$auth_type = 'password',
$auth_user_domain_name = undef,
$auth_project_domain_name = undef,
$auth_type = undef
) {
include ceilometer::deps
if ! $auth_cacert {
ceilometer_config { 'service_credentials/cafile': ensure => absent }
} else {
ceilometer_config { 'service_credentials/cafile': value => $auth_cacert }
}
warning('The ceilometer::agent::auth class has been deprecated. \
Use the ceilometer::agent::service_credentials classs instead')
ceilometer_config {
'service_credentials/auth_url' : value => $auth_url;
'service_credentials/region_name' : value => $auth_region;
'service_credentials/username' : value => $auth_user;
'service_credentials/password' : value => $auth_password, secret => true;
'service_credentials/project_name' : value => $auth_tenant_name;
'service_credentials/user_domain_name' : value => $auth_user_domain_name;
'service_credentials/project_domain_name': value => $auth_project_domain_name;
'service_credentials/auth_type' : value => $auth_type;
}
include ceilometer::agent::service_credentials
# Since we use names instead of ids for keystone credentials in most of
# our modules, we'll just deprecated this feature and don't migrate this
# to the new service_credentials class.
if $auth_tenant_id {
ceilometer_config {
'service_credentials/project_id' : value => $auth_tenant_id;
}
}
if $auth_endpoint_type {
ceilometer_config {
'service_credentials/interface' : value => $auth_endpoint_type;
}
}
}

90
manifests/agent/service_credentials.pp Normal file
View File

@ -0,0 +1,90 @@
# == Class: ceilometer::agent::service_credentials
#
# The ceilometer::agent::service_credentials class helps configure common
# service credentials settings for the agents.
#
# === Parameters:
#
# [*auth_url*]
# (Optional) the keystone public endpoint
# Defaults to 'http://localhost:5000'.
#
# [*region_name*]
# (Optional) the keystone region of this node
# Defaults to $::os_service_default.
#
# [*username*]
# (Optional) the keystone user for ceilometer services
# Defaults to 'ceilometer'.
#
# [*password*]
# (Required) the keystone password for ceilometer services
#
# [*project_name*]
# (Optional) the keystone project name for ceilometer services
# Defaults to 'services'.
#
# [*cafile*]
# (Optional) Certificate chain for SSL validation.
# Defaults to $::os_service_default.
#
# [*interface*]
# (Optional) Type of endpoint in Identity service catalog to use for
# communication with OpenStack services.
# Defaults to $::os_service_default.
#
# [*user_domain_name*]
# (Optional) domain name for auth user.
# Defaults to 'Default'.
#
# [*project_domain_name*]
# (Optional) domain name for auth project.
# Defaults to 'Default'.
#
# [*auth_type*]
# (Optional) Authentication type to load.
# Defaults to 'password'.
#
class ceilometer::agent::service_credentials (
$password = false,
$auth_url = 'http://localhost:5000',
$region_name = $::os_service_default,
$username = 'ceilometer',
$project_name = 'services',
$cafile = $::os_service_default,
$interface = $::os_service_default,
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$auth_type = 'password',
) {
include ceilometer::deps
$password_real = pick($::ceilometer::agent::auth::auth_password, $password)
if ! $password_real {
fail('The password parameter is required')
}
$auth_url_real = pick($::ceilometer::agent::auth::auth_url, $auth_url)
$region_name_real = pick($::ceilometer::agent::auth::auth_region, $region_name)
$username_real = pick($::ceilometer::agent::auth::auth_user, $username)
$project_name_real = pick($::ceilometer::agent::auth::auth_tenant_name, $project_name)
$cafile_real = pick($::ceilometer::agent::auth::auth_cacert, $cafile)
$interface_real = pick($::ceilometer::agent::auth::auth_endpoint_type, $interface)
$user_domain_name_real = pick($::ceilometer::agent::auth::auth_user_domain_name, $user_domain_name)
$project_domain_name_real = pick($::ceilometer::agent::auth::auth_project_domain_name, $project_domain_name)
$auth_type_real = pick($::ceilometer::agent::auth::auth_type, $auth_type)
ceilometer_config {
'service_credentials/auth_url' : value => $auth_url_real;
'service_credentials/region_name' : value => $region_name_real;
'service_credentials/username' : value => $username_real;
'service_credentials/password' : value => $password_real, secret => true;
'service_credentials/project_name' : value => $project_name_real;
'service_credentials/cafile' : value => $cafile_real;
'service_credentials/interface' : value => $interface_real;
'service_credentials/user_domain_name' : value => $user_domain_name_real;
'service_credentials/project_domain_name': value => $project_domain_name_real;
'service_credentials/auth_type' : value => $auth_type_real;
}
}

5
releasenotes/notes/service_credentials-c8bf6bbf763bc08e.yaml Normal file
View File

@ -0,0 +1,5 @@
---
deprecations:
- |
The ``ceilometer::agent::auth`` class has been deprecated. Use the
``ceilometer::agent::service_credentials`` class instead.

5
spec/classes/ceilometer_agent_auth_spec.rb
View File

@ -21,10 +21,9 @@ describe 'ceilometer::agent::auth' do
is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000')
is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value(params[:auth_password]).with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with(:ensure => 'absent')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password')

73
spec/classes/ceilometer_agent_service_credentials_spec.rb Normal file
View File

@ -0,0 +1,73 @@
require 'spec_helper'
describe 'ceilometer::agent::service_credentials' do
let :pre_condition do
"class { 'ceilometer': telemetry_secret => 's3cr3t' }"
end
let :params do
{ :password => 'password' }
end
shared_examples_for 'ceilometer::agent::service_credentials' do
context 'wtih default values' do
it 'configures authentication' do
is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000')
is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default')
is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password')
end
end
context 'when overriding parameters' do
before do
params.merge!(
:auth_url => 'http://192.168.0.1:5000',
:region_name => 'regionOne',
:username => 'ceilometer2',
:project_name => 'services2',
:cafile => '/tmp/dummy.pem',
:interface => 'internalURL',
:auth_type => 'v3password',
:user_domain_name => 'MyDomain',
:project_domain_name => 'MyProjDomain',
)
end
it 'configures the specified values' do
is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://192.168.0.1:5000')
is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('regionOne')
is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer2')
is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true)
is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services2')
is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('/tmp/dummy.pem')
is_expected.to contain_ceilometer_config('service_credentials/interface').with_value('internalURL')
is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('MyDomain')
is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('MyProjDomain')
is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('v3password')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ceilometer::agent::service_credentials'
end
end
end